Privacy Policy

Short, honest, and written so you don't need a lawyer to read it. This policy explains what data we collect, why, how long we keep it, and your rights under the EU General Data Protection Regulation (GDPR).

Last updated: April 2026

Who we are

Consulting Huber, Borzobohatego 28, 01-192 Łomianki, Poland. NIP PL5272509306. Contact: hello@consulting-huber.com. We are the data controller for any personal data you share with us through this site.

What we collect, and why

We collect only what we need to run the site and talk to you.

• Contact form submissions. Your name, email, company, and the message you write us. Legal basis: your consent and our legitimate interest in responding to inbound enquiries (GDPR Art. 6(1)(a) and (f)). We store these in Google Firestore (hosted in the eur3 multi-region — Frankfurt and Netherlands) and use the Firebase "Trigger Email from Firestore" extension to deliver a notification by email via Google Workspace SMTP.
• Analytics. We use a self-hosted analytics script (Umami, hosted on our infrastructure at internal-stats.flowtly.net). It records aggregate metrics — page views, country, referrer, device type — without setting cookies and without storing IP addresses. No personal identifiers.
• Server logs. Our hosting provider (AWS CloudFront + S3) keeps short-lived request logs for security and abuse prevention. These are deleted within 30 days.

What we do not collect

• No advertising or third-party tracking cookies.
• No social-media pixels.
• No cross-site fingerprinting.
• No marketing automation that tracks you across visits.

How long we keep it

• Contact form submissions: 24 months from the date of last contact, then deleted. Deleted sooner on request.
• Ongoing client communications: for the duration of the engagement plus the period required by Polish commercial and tax law (currently five years from the end of the financial year in which the last invoice was issued), then deleted.
• Analytics: aggregate, anonymised, kept indefinitely for trend analysis — you cannot be re-identified.
• Server logs: up to 30 days.

Who we share it with

Under GDPR Art. 13(1)(e), we share personal data only with the processors we use to run the site and deliver engagements. The full list of categories of recipients is:

• Google Ireland Ltd. (Firebase Firestore) — eur3 multi-region (Frankfurt + Netherlands) — to receive and store contact-form submissions.
• Google Ireland Ltd. (Google Workspace / Gmail SMTP) — to deliver the notification email when a contact form is submitted, and to handle subsequent client correspondence.
• Amazon Web Services EMEA SARL (CloudFront + S3) — Ireland region — static site hosting and short-lived request logs.

We do not sell personal data. We do not share it with advertisers. Where a processor has any data flow outside the EU/EEA (for example Google's sub-processor network), we rely on the EU Standard Contractual Clauses.

Your rights under the GDPR

You have the right to:

• Access the personal data we hold about you.
• Correct it if it's wrong.
• Ask us to delete it.
• Object to processing, or restrict it.
• Port it to another controller.
• Withdraw consent you previously gave.
• Lodge a complaint with the Polish Personal Data Protection Office (UODO) or your local supervisory authority.

To exercise any of these rights, write to hello@consulting-huber.com. We aim to respond within 14 days.

Cookies

This site does not set tracking cookies. The analytics we use is cookie-less. The only storage we use locally in your browser is to remember language preference when you switch between EN / DE / FR / PL.

Changes to this policy

If we materially change how we handle data, we'll update this page and the "last updated" date. For anything significant, we'll say so in plain language.