Privacy Policy
Last updated: 2026-05-23
ul. Wólczańska 124/12, 90-527 Łódź, Poland
Polish company register (KRS): 0001219380, VAT (NIP): 7252363467, REGON: 543801886
Data protection contact person: Karol Marcinkiewicz
GDPR contact: rodo@consentlane.com
The Polish version of this Privacy Policy is the legally binding version. This English translation is provided for convenience only.
1. Who we are
This Privacy Policy describes how we process personal data in connection with the Consentlane service available at https://consentlane.com (the „Service").
The Data Controller is NEXVERA Sp. z o.o., headquartered in Łódź, Poland, registered with the Polish National Court Register (KRS) by Sąd Rejonowy dla Łodzi-Śródmieścia w Łodzi, XX Wydział Gospodarczy KRS, under registration number 0001219380, share capital: 5 000,00 PLN.
2. What data we process
Depending on how you use the Service, we process the following categories of data:
Account data (after sign-up)
- email address (required for login and contact),
- password - stored in encrypted form (Argon2id hash); we do not know your password,
- company name (optional),
- interface language, billing plan, account creation date.
Site configuration data
- domains you have added to the panel,
- public keys (site identifiers),
- banner settings (colors, texts, language, position).
Technical data (logs)
- IP address (anonymized - see section 4),
- browser type (User-Agent),
- referrer page,
- request date and time.
3. Purposes and legal grounds for processing
- Service delivery (contract) - Article 6(1)(b) GDPR. We process account and configuration data to provide you with the dashboard and the cookie banner on your sites.
- Legal obligations - Article 6(1)(c) GDPR. Issuing invoices, tax settlements, archiving as required by law.
- Legitimate interest of the Controller - Article 6(1)(f) GDPR. Service security (anti-fraud, anti-abuse), technical analysis, pursuit of claims.
- Consent - Article 6(1)(a) GDPR. Newsletter, marketing communication (if you opt in).
4. Data collected via the cookie banner (for visitors of our Clients' websites)
If you visit a website that uses Consentlane as its cookie consent mechanism, we store the following data about your decision in our Client's database:
- Consent ID (consent_id) - random 32-character string, not linked to your identity,
- Consent categories - which cookie categories you accepted (analytics, marketing, preferences),
- Policy version in effect at the time of consent,
- IP address hash - SHA-256 with cryptographic salt. We do not store IP addresses in clear text; the hash cannot be reversed,
- Browser User-Agent (truncated),
- Consent timestamp.
The above data is pseudonymised and does not allow direct identification of an individual. It serves as proof of consent for GDPR audit purposes (Article 7(1) GDPR - „the controller shall be able to demonstrate that the data subject has consented").
5. Retention periods
- Account data: for the duration of the contract + 3 years (statute of limitations).
- Billing data (invoices): 5 years from the end of the tax year.
- Technical logs: 90 days.
- Cookie consent log: 5 years from consent (typical GDPR claim period).
- Newsletter: until consent is withdrawn.
6. With whom we share your data
Your data may be shared with the following categories of recipients:
- Hetzner Online GmbH (Germany) - server hosting for the application and database, data stored in data centres located within the European Union,
- Cloudflare, Inc. - content delivery network (CDN) and security,
- payment processors (Stripe Payments Europe Ltd. - for card payments),
- our accounting office,
- government authorities where required by law (tax offices, courts, law enforcement).
We do not sell your data. We do not share it with third parties for marketing purposes.
7. Data location and transfers outside the EEA
All application data (accounts, site configurations, consent logs) is stored on Hetzner Online GmbH servers in data centres located within the European Union (Germany). Data does not leave the EEA in the course of regular service operations.
Some of our sub-processors (Cloudflare, Stripe) may process data outside the EEA - in such cases, transfers occur under the Standard Contractual Clauses approved by the European Commission, with additional technical and organisational safeguards.
8. Your rights
In connection with the processing of your personal data, you have the following rights:
- right of access (Article 15 GDPR),
- right to rectification (Article 16 GDPR),
- right to erasure - „right to be forgotten" (Article 17 GDPR),
- right to restriction of processing (Article 18 GDPR),
- right to data portability (Article 20 GDPR),
- right to object to processing based on legitimate interest (Article 21 GDPR),
- right to withdraw consent at any time (if processing is based on consent),
- right to lodge a complaint with the supervisory authority (Polish President of the Personal Data Protection Office: PUODO, ul. Stawki 2, 00-193 Warsaw, Poland).
To exercise any of these rights, please send an email to rodo@consentlane.com. We will respond within 30 days.
9. Cookies on our own Service
The Consentlane Service itself (homepage, dashboard, documentation) uses a minimal set of cookies required for operation:
- PHPSESSID - user session after login (session cookie, deleted when the browser closes),
- cmp_consent - record of your cookie consent (180 days).
We do not use analytics or marketing cookies on the Consentlane Service itself. We build cookie consent banners - so we help other services do this right.
10. Automated decision-making
We do not make decisions based solely on automated processing of your personal data, including profiling, that would produce legal effects concerning you or similarly significantly affect you.
11. Data security
We apply technical and organisational measures appropriate to the risk, including in particular:
- encrypted connections (HTTPS, TLS 1.3),
- password hashing (Argon2id),
- IP address pseudonymisation in consent logs,
- access to data restricted to authorised personnel only,
- regular backups,
- infrastructure security monitoring.
12. Changes to this Privacy Policy
This Privacy Policy may be updated. We will notify you of material changes by email sent to the address provided at sign-up. The current version is always available at https://consentlane.com/legal/privacy.
13. Contact
For matters related to personal data protection: rodo@consentlane.com.
For other matters: hello@nexvera.pl.