← Home 🇵🇱 Wersja polska

Privacy Policy

matury-online.pl website
Last updated: April 21, 2026

This document explains how we process your personal data in connection with your use of matury-online.pl. We care about your privacy and process data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and the Polish Personal Data Protection Act of 10 May 2018.

Note: matury-online.pl is a Polish educational service. All processing takes place under Polish and EU law. In case of any discrepancy between the Polish and English versions, the Polish version prevails.

Table of contents

  1. Data controller
  2. Contact regarding data protection
  3. Categories of processed data
  4. Purposes and legal bases of processing
  5. Data retention period
  6. Data recipients
  7. Data transfers outside the EEA
  8. Your rights
  9. Data of minors
  10. Cookies and similar technologies
  11. Artificial intelligence and automated decisions
  12. Data security
  13. Right to lodge a complaint
  14. Changes to the privacy policy

1. Data controller

The controller of your personal data within the meaning of Article 4(7) GDPR is:

Ecopywriting.pl Karol Leszczyński

Papowo Biskupie 119/18, 86-221 Papowo Biskupie, Poland

Tax ID (NIP): 9562216468

E-mail: kontakt@karol-leszczynski.pl

Hereinafter referred to as the “Controller” or “we”.

2. Contact regarding data protection

The Controller has not appointed a Data Protection Officer (DPO), as this is not legally required for the scope of the business. For all matters concerning the processing of your personal data — including to exercise your rights — you may contact the Controller at kontakt@karol-leszczynski.pl or in writing at the address above.

3. Categories of processed data

In connection with your use of the service, we process the following categories of your personal data:

4. Purposes and legal bases of processing

4.1. Service provision (contract conclusion and performance)

Legal basis: Art. 6(1)(b) GDPR — necessity to perform the electronic services contract to which you are a party.

Includes: account creation and maintenance, access to educational content, subscription and payment handling, saving of learning progress, AI essay evaluation, communication related to contract performance.

4.2. Legal obligations

Legal basis: Art. 6(1)(c) GDPR — necessity to comply with legal obligations (Polish Accounting Act, VAT Act).

Includes: issuing accounting documents, archiving invoices (5 years — Polish Accounting Act), handling complaints, official correspondence.

4.3. Own marketing and educational communication

Legal basis: Art. 6(1)(f) GDPR — legitimate interest of the Controller in maintaining user relationships and promoting its own services. For marketing e-mails — additionally Article 10(2) of the Polish Act on Providing Services by Electronic Means (consent).

Includes: study reminders, streak notifications, weekly summaries, information about new features. You may withdraw your consent to marketing communication at any time.

4.4. Analytics and service development

Legal basis: Art. 6(1)(a) GDPR — your consent granted via the cookie banner (for analytics and marketing cookies), and Art. 6(1)(f) GDPR — legitimate interest (for anonymous aggregated statistics).

Includes: traffic measurement (Google Analytics 4), service performance optimization, error analysis, user experience improvement.

4.5. Claim protection

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in the ability to pursue claims or defend against claims.

4.6. Security

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in ensuring the security of the service and preventing abuse (including reCAPTCHA, request limits).

5. Data retention period

We retain your personal data for the following periods:

6. Data recipients

We may transfer your data to the following categories of recipients, acting as processors based on data processing agreements (Art. 28 GDPR):

7. Transfers outside the European Economic Area (EEA)

Some of our providers are based outside the EEA (in particular Anthropic PBC and in some cases Google LLC, Stripe, Inc.). In such cases, data transfer takes place based on:

We apply additional technical safeguards (encryption in transit and at rest) and organizational ones (processor agreements, vendor audits). A copy of the safeguards is available upon request.

8. Your rights

Under GDPR, you have the following rights:

To exercise any of the above rights, contact us at kontakt@karol-leszczynski.pl. We respond without undue delay, no later than within one month of receiving the request. This period may be extended by a further two months in complex cases, about which we will inform you.

9. Data of minors

The service is directed at adults (18 years old or older). Persons who are 13 or older but not yet adults may use the service only with the consent and under the supervision of a legal representative (parent or legal guardian), who is responsible for contract conclusion, payments, and use of the service.

In accordance with Art. 8(1) GDPR and Art. 22¹ of the Polish Personal Data Protection Act, information society services (including matury-online.pl) may be offered to a child aged 16 or older based on their own consent. For children under 16, the consent of a legal representative is required.

We do not knowingly collect data of children under 13. If we learn that we process such data without parental consent, we will promptly delete it.

10. Cookies and similar technologies

The service uses cookies and similar technologies (including localStorage). Detailed information about the cookies used, their purposes and retention periods is available in the Cookie Policy.

We use Google Consent Mode v2, which by default blocks all analytical and marketing cookies until you give consent. You can change your consents at any time by clicking the 🍪 icon in the lower left corner of the screen.

11. Artificial intelligence and automated decisions

Within the service, we use artificial intelligence models (Anthropic Claude) for:

AI evaluations do not constitute a binding decision within the meaning of Art. 22 GDPR — they are auxiliary educational tools, and do not replace teacher assessment or state exam (matura) results. They do not produce legal effects concerning you or similarly significantly affect you.

You always have the right to:

Content sent to AI models is processed in accordance with the privacy policies of the respective providers (Anthropic PBC) and — based on the agreements concluded — is not used to train models in the context of commercial API use.

12. Data security

We apply technical and organizational measures adequate to the risk, including:

13. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates GDPR. The competent authority in Poland is:

President of the Personal Data Protection Office (UODO)

ul. Stawki 2, 00-193 Warsaw, Poland

Tel. +48 22 531 03 00

Website: uodo.gov.pl

14. Changes to the privacy policy

This policy may change due to amendments to the law, introduction of new service features, or changes in data processing. We will notify you of material changes at least 7 days in advance via e-mail or a service notice. The current version of the policy along with the date of the last update is always available on this page.


Document version as of: April 21, 2026.
In case of any discrepancy between the Polish and English versions, the Polish version is binding.