Privacy Policy of Kellton Poland sp. z o.o.

Definitions

1. Administrator – KELLTON POLAND sp. z o.o. with its registered office in Wrocław, ul. Wyścigowa 56g/2a, 53-012 Wrocław, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for Wrocław-Fabryczna in Wrocław, 6th Commercial Division of the National Court Register, under KRS number 0000466173, share capital: PLN 5,000.00, Tax Identification Number (NIP): 8992744652, contact: biuro@kellton.com,

2. Personal data – information about a natural person identified or identifiable by one or more specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, internet identifier and information collected through cookies and other similar technologies,

3. Policy – this Privacy Policy,

4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC,

5. Service/Website – a website administered by KELLTON POLAND that is visited by the User, i.e., eu.kellton.com or devops.eu.kellton.com,

6. User – any natural person using the Website,

7. Cookies – small text files stored on the User's device when using the Website and any other similar technologies used to collect information about the User's activity on the Website. Cookies may originate from the Administrator or from the Administrator's trusted partners.

I. Website Privacy Policy

1. Basic information

   In connection with the User's use of the Website, the Administrator collects data to the extent necessary to provide the individual services offered. This Privacy Policy regulates the manner in which the Administrator collects or otherwise processes the personal data of Website Users and during electronic communication, and also refers to information on the processing of personal data by the Administrator for other purposes.

   Purpose of data processing	Legal basis	Data retention period
   Provision of electronic services in the field of access Users of content collected on the Website, including the use of cookies, when they contain information constituting the User's personal data.	Article 6(1)(b) of the GDPR (necessity for the performance of a contract) and Article 6(1)(f) of the GDPR with regard to analytical cookies, when they contain information that allows the User to be identified (legitimate interest in improving the effectiveness of the Website)	The data is stored for the duration of the service provision or until an effective objection to processing is lodged. With regard to cookies, the User has the option of deleting them independently.
   Responding to a question asked via the contact form or by email	Article 6(1)(a) of the GDPR (based on the User's consent expressed by providing data during contact) – by sending an e-mail or contact form, you consent to the processing of the personal data contained therein for the purpose of responding to your enquiry.	The data is stored until the enquiry is processed or an effective objection to processing is lodged.
   	Article 6(1)(b) of the GDPR (processing is necessary for the performance of a service or in order to take steps prior to entering into a contract at the request of the data subject) – if you contact us to use our services.
   Where applicable – determination, protection, pursuit of claims	Article 6(1)(f) of the GDPR (legitimate interest consisting in securing the rights of the Controller)	The data is stored until the claims expire.

2. Processing of personal data for other purposes

   For information on the processing of personal data for purposes other than electronic communication, please refer to the relevant information clause available:

   1. HERE – if you are a contractor or employee of the Administrator's contractor,

   2. HERE – if you wish to apply for a job at Kellton,

   3. HERE – if you visit our social media sites.

3. Obligation to provide personal data

   Providing personal data is voluntary, but refusal to provide it may result in the inability to conclude and perform a contract or use the services we provide and/or other functionalities of the Website, and the inability to respond to your enquiry.

4. User rights in relation to the processing of personal data

   1. The user has the right to:

      1. access the content of the data, i.e. request a copy of the data,

      2. request the rectification of data,

      3. request the deletion or restriction of data,

      4. transfer data,

      5. lodge a complaint with the supervisory authority (i.e. the President of the Personal Data Protection Office).

   2. The user also has the right to object to the processing of data based on the legitimate interest of the Controller.

   3. To the extent that User data is processed on the basis of consent (Article 6(1)(a) of the GDPR), this consent may be withdrawn at any time by contacting the Controller at biuro@kellton.com. Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.

5. Recipients of Personal Data

   1. We entrust personal data for processing under contract (in accordance with Article 28 of the GDPR) to entities whose services we use in connection with data processing, e.g. IT service providers, including mailing system providers, analytical service providers, providers of systems and programmes enabling the proper use of the Website and its functions.

   2. The Controller reserves the right to disclose selected information about the User to competent authorities or third parties who request such information on a legal basis and in accordance with applicable law.

6. Transfer of Personal Data outside the EEA

   1. The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller will only transfer Personal Data outside the EEA when necessary and with an adequate level of protection, primarily through:

      1. cooperation with entities processing Personal Data in countries for which the European Commission has issued an appropriate decision confirming the adequate level of protection of Personal Data,

      2. using standard contractual clauses issued by the European Commission,

      3. applying binding corporate rules approved by the competent supervisory authority.

   2. The Controller shall always inform you of its intention to transfer Personal Data outside the EEA at the stage of collection. Due to the fact that the Company uses the services of other providers, e.g. in the field of ICT services, and also transfers certain information within the capital group, Personal Data may be transferred outside the European Economic Area. In such a case, this will always be done in such a way as to ensure data security – for example, based on standard data protection clauses adopted by the European Commission.

   3. Information on the relevant safeguards can be obtained by writing to biuro@kellton.com.

7. Profiling

   Personal data will not be subject to profiling, nor will it be processed for the purpose of automated decision-making.

8. Personal Data Security

   1. The Controller conducts ongoing risk analysis to ensure that Personal Data is processed by it in a secure manner – ensuring, above all, that only authorised persons have access to the data and only to the extent necessary for the performance of their tasks. The Controller ensures that all operations on Personal Data are recorded and performed only by authorised employees and associates.

   2. The Controller takes all necessary measures to ensure that its subcontractors and other cooperating entities also guarantee the application of appropriate security measures whenever they process Personal Data on behalf of the Controller.

9. Contact details

   The Administrator can be contacted at the following address: biuro@kellton.com.

10. Changes to the Privacy Policy

    1. The Policy is reviewed on an ongoing basis and updated as necessary.

    2. The current version of the Policy was adopted and has been in force since 1 January 2026.

II. Cookie Policy

The website collects information about the user through cookies and similar technologies, the use of which usually involves installing this tool on the user's device (computer, smartphone, etc.). This information is used to remember the user's decisions (e.g. font selection, contrast, policy acceptance), maintain the user's session (e.g. after logging in), remember the password (with consent), collecting information about the user's device and their visit for security purposes, but also for analysing visits and customising content. Consent given to the use of cookies on any of the Websites automatically applies to all websites operating in the eu.kellton.com and devops.eu.kellton.com domains.

1. What are cookies used for on the Website?

   1. The Administrator uses cookies primarily to enable the User to access the Website and to facilitate the User's use of it.

   2. The Administrator also uses cookies for analytical and marketing purposes, but only if the User agrees to this when first using the Website.

   3. The Administrator also uses other technologies and technical solutions that allow access to information stored on the User's device or in the User's browser (e.g. Local Storage, thanks to which the Administrator gains access to information saved during the use of the Website in a separate part of the User's browser memory).

2. What types of cookies are used on the Website?

   Cookies used on the Website are divided into the following categories:

   TYPE	DESCRIPTION
   Essential cookies	These cookies are installed to provide the User with access to the Website and its basic functions, and therefore do not require the User's consent. Without the necessary cookies, the Administrator would not be able to provide services to Users within the Website.
   Optional cookies	The Administrator uses these cookies only if the User agrees to it. These are the following cookies: • functional – they allow you to remember your preferences or choices (such as your username, language, text size or other customisable elements) and provide you with personalised content within the Website; • analytical – they enable checking the number of visits and sources of traffic on the Website. They help to identify which of its features are more or less popular and understand how users navigate the Website. This allows the Administrator to improve the performance of the Website; • advertising – used to deliver advertisements tailored to the interests and preferences of Users. Based on information from these files and activity on other websites or services, a profile of Users' interests is built.

3. Does the Website use third-party cookies?

   When using the Website, the User may receive cookies from third parties cooperating with the Administrator. More detailed information can be found below:

   THIRD PARTY	DESCRIPTION
   Analytical service providers	In order to better understand how the Website works, the Administrator cooperates with analytical service providers such as Google. More information on how they use User data can be found here: https://support.google.com/analytics/answer/7318509?hl=en
   Advertising partners	The Administrator's advertising partners (Google) may use advertising cookies to display advertisements that they believe will be most interesting to the User and to measure the effectiveness of such advertisements on the Website.

4. For how long are cookies stored?

   The Website uses persistent and session cookies. Below you will find more information about how long they are stored:

   TYPE	DESCRIPTION
   Session cookies	Some cookies are temporary files stored until you log out, leave the Website or turn it off. These types of cookies help analyse traffic, identify and resolve technical issues, and make it easier to navigate the Website.
   'Persistent' cookies	'Persistent' cookies are stored for the period specified in their parameters or until they are deleted by the User. They help the Administrator remember the User's settings and preferences to make their next visit more convenient or to provide them with tailored content. Below is a list of cookies with their lifetime:

   Name	Purpose	Provider	Type	Duration	Category
   CookieConsent	Stores the visitor's cookie consent state for the current domain.	Cookiebot	HTTP Cookie	12 Months	Necessary
   CookieConsentBulkSetting	Track the visitor's consent across different websites within the same domain group to simplify the visitor's experience by only requiring a single consent action for multiple sites.	Cookiebot	HTTP Local Storage	12 Months	Necessary
   cf_clearance	Cloudflare security cookie. Confirms the visitor passed a bot check or security challenge (Turnstile).	Cloudflare	HTML Cookie	30 minutes	Necessary
   1.gif	Used to count the number of sessions to the website. Necessary for optimizing CMP product delivery.	Cookiebot	Pixel Tracker	Session	Necessary
   cf.turnstile.u	Used by Cloudflare Turnstile to distinguish human visitors from bots when using forms.	Cloudflare	HTML Local Storage	Persistent (short-lived)	Necessary
   CONTACT_FORM_DATA	Temporarily stores contact-form text so that visitors don't lose entered input while navigating. Deleted when visitors close their browser.	eu.kellton.com, devops.eu.kellton.com	HTML Session Storage	Session	Necessary
   _ga	Used to send data to Google Analytics about the visitor's device and behavior. Tracks returning visitors and counts them, across devices and marketing channels.	Google	HTTP Cookie	12 Months	Marketing
   _ga_#	Used to send data to Google Analytics about the visitor's device and behavior. Tracks sessions and interactions for a specific analytics property.	Google	HTTP Cookie	12 Months	Marketing

5. How can you change your cookie settings?

   1. The Website uses a consent management platform (CMP) to help the User manage their cookie preferences.

   2. The User can use the CMP to change their cookie settings. The CMP allows the User to:

      1. obtain detailed information about the cookies used on the Website and the Administrator's trusted partners;

      2. give and withdraw consent to the use of optional cookies by the Administrator and trusted partners;

      3. change previously selected settings.

6. Changes to the Cookie Policy

   1. The Cookie Policy is reviewed on an ongoing basis and updated as necessary.

   2. The current version of the Cookie Policy was adopted and has been in force since 1 January 2026.