Privacy

This website is operated by Dawid Grabowski. For privacy questions or requests, you can contact me at kontakt@grabowskidawid.com.

This policy applies to grabowskidawid.com and the contact form available on this website.

When you use the contact form, I collect the name, email address, and message you choose to send. The form also includes a hidden anti-spam field. If that field is filled in, the message may be treated as spam.

To protect the form from abuse, the server may process technical request data such as your IP address, user agent, request time, and basic delivery status. This helps detect repeated submissions and keep the form available.

Rate limit identifiers are stored as hashes, not as raw email addresses or IP addresses. Hashing is used to reduce what is stored while still letting the server count repeated contact attempts.

I do not intentionally collect special categories of personal data through this form. Please do not include sensitive information unless it is truly necessary for your message.

I use the information to receive your message, understand what you are asking about, reply to you, and keep a reasonable record of the conversation.

The legal basis is usually my legitimate interest in responding to messages sent through the website and protecting the contact form from abuse. If our conversation later turns into a project or contract, some information may also be needed before entering into or performing that agreement.

I do not use contact form messages for newsletters, automated profiling, or advertising.

Messages are sent through AWS SES, the email delivery service used by this site. AWS SES receives the sender name, sender email, message content, recipient address, and technical delivery information needed to send the email.

Rate limiting is handled with Redis. Redis stores hashed rate limit keys and counters used to limit repeated contact attempts.

The site may also be hosted or delivered through infrastructure providers that process normal server request data, such as IP address, browser information, requested URL, and timestamps, as part of operating and securing the website.

These providers process data only as needed to deliver the website, send the message, provide security, and operate the contact form.

I keep contact form emails only as long as needed to respond and keep reasonable records of the conversation. In ordinary cases, that means keeping the message while the conversation is active and for a reasonable period afterwards in case I need to refer back to it.

Rate limit data is temporary and is used to enforce the daily contact limit. The current contact form limit is five valid submissions per day.

If you ask me to delete a message, I will remove it unless I need to keep it for a legitimate reason, such as security, resolving a dispute, bookkeeping, or legal obligations.

I do not sell your personal data. I do not share contact form messages with advertisers or data brokers.

Your data may be processed by the service providers mentioned above. Depending on their infrastructure, this may involve processing outside Poland or the European Economic Area. Where that happens, the provider is responsible for using appropriate transfer safeguards.

I may disclose information if required by law or if it is necessary to protect the website, prevent abuse, or defend legal claims.

I use practical technical measures to reduce unnecessary exposure of contact data, including server-side validation, a hidden anti-spam field, rate limiting, hashed rate limit identifiers, and email delivery through a dedicated provider.

No website or email system can be guaranteed to be perfectly secure, so please avoid sending secrets, passwords, payment data, or highly sensitive information through the contact form.

Depending on the situation and applicable law, you can ask for access to your data, correction, deletion, restriction of processing, portability, or object to processing.

To make a request, email kontakt@grabowskidawid.com. I may ask for enough information to confirm that the request is really yours, especially before changing or deleting data.

If you are in the European Union and believe your data protection rights have not been respected, you can also contact your local data protection authority.

I may update this page when the website, contact form, or service providers change. The date at the top shows when this policy was last updated.