last updated: [launch date]

Privacy policy

This policy is written to be read, not skimmed past. It covers this website and what happens to the details you send us through it.

Who is responsible

The data controller is [Veran sp. z o.o., ul. …, Warsaw, Poland, KRS …] ("Veran", "we"). For anything in this policy, write to hello@veranconsulting.com.

What we collect, and why

The contact form. If you write to us we receive what you type: your name, work email, company (if given), what you need, and your message. We use it for exactly one purpose — reading your inquiry and replying to it. The legal basis is taking steps prior to a possible contract at your request (GDPR Art. 6(1)(b)) and our legitimate interest in answering people who write to us (Art. 6(1)(f)).

Technical logs. Our hosting provider (Cloudflare) processes IP addresses and request metadata to serve the site and to protect it from abuse, as every host does. Basis: legitimate interest in operating a secure website (Art. 6(1)(f)).

Nothing else. This site sets no cookies, runs no cross-site trackers, embeds no third-party fonts, pixels, or widgets, and does not profile you. There is no consent banner because there is nothing to consent to.

How long we keep it

Inquiries that don't lead anywhere are deleted within 12 months. If we end up working together, your correspondence becomes part of the business relationship and is kept for as long as contract and tax law require.

Who processes data on our behalf

ProcessorWhat forWhereTransfer safeguard
Cloudflare, Inc. Hosting, CDN, security Global network (EU entry points) EU–US Data Privacy Framework + SCCs
Resend (Plus Five Five, Inc.) Delivering form submissions to our inbox USA EU–US Data Privacy Framework
Google Ireland Ltd. (Google Workspace) Our email inboxes EU / USA EU–US Data Privacy Framework + SCCs

Each processor acts under a data-processing agreement. We keep Standard Contractual Clauses in place as a fallback even where a processor holds a Data Privacy Framework certification.

Your rights

Under the GDPR you can ask us for access to your data, correction, deletion, restriction of processing, a portable copy, and you can object to processing based on legitimate interest. Email hello@veranconsulting.com and we'll act on it. No forms, no runaround.

If you believe we've handled your data unlawfully, you can complain to a supervisory authority. Ours is the Polish President of the Personal Data Protection Office (UODO), uodo.gov.pl.

What we don't do

← Back to the site