LabCalibrate.com Back to home

Privacy Policy

Last updated: December 31, 2025

Important: This document constitutes a template privacy policy and should be adapted to your company's individual needs. We recommend consulting with a lawyer specialising in EU privacy law and GDPR to ensure full compliance.

1. General Provisions

This Privacy Policy specifies the rules for handling personal data by the LabCalibrate.com service (hereinafter referred to as the "Service", "we", "us", or "our") and the rights of data subjects related to the handling of their personal data.

The controller of your personal data is: Ivan Menshykov, operating as a sole trader registered in Poland, European Union, with registered address at: Starowiejska str. 16/2, 81-356 Gdynia, Poland (hereinafter referred to as the "Controller", "we", "us", or "our").

This Privacy Policy is governed primarily by the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable Polish data protection laws.

We aim to handle data responsibly for all users worldwide, including users located outside the EU, such as Australia.

Note for Australian users: We aim to handle data responsibly for Australian users; this policy is governed primarily by EU GDPR.

2. Contact with the Controller

For all matters concerning the handling of personal data, you may contact the Controller:

You have the right to lodge a complaint with the supervisory authority responsible for data protection in Poland: President of the Office for Personal Data Protection (Prezes Urzędu Ochrony Danych Osobowych), if you consider that the handling of your personal data breaches GDPR or applicable Polish law.

Users from outside the EU may have additional rights under their local data protection laws.

3. Scope of Collected Data

3.1. Automatically Collected Information

While using the Service, the following information may be collected automatically:

  • IP address
  • Browser type and version
  • Operating system
  • Visited pages
  • Time spent on the site
  • Device information

3.2. Voluntarily Provided Information

To use the full functionality of the Service, you may be asked to provide:

  • First and last name
  • Email address
  • Company/laboratory name
  • Phone number (optional)
  • Laboratory instrument data (type, serial number, calibration date)
  • Documents (calibration certificates, reports)

4. Purpose and Legal Basis for Processing

Your personal data is processed for the following purposes:

  • Provision of services – to create and maintain a user account and provide Service functions.
    Legal basis: Contract performance (Article 6(1)(b) GDPR).
  • Service operation and security – to ensure proper functioning, security, and technical maintenance.
    Legal basis: Legitimate interest (Article 6(1)(f) GDPR).
  • Marketing – if you have consented to receiving commercial information.
    Legal basis: Consent (Article 6(1)(a) GDPR). You may withdraw consent at any time.
  • Analytics and statistics – to improve Service functionality.
    Legal basis: Legitimate interest (Article 6(1)(f) GDPR).
  • Legal obligations – to fulfill obligations arising from EU and Polish law, particularly taxation and accounting requirements.
    Legal basis: Legal obligation (Article 6(1)(c) GDPR).

5. Data Recipients

Your personal data may be disclosed to the following recipients:

  • Data processors – service providers who process data on our behalf:
    • Cloudflare R2 – file storage (calibration certificates, documents)
    • Hosting providers – infrastructure and server hosting
    • Email service providers – transactional email delivery
    • Analytics tools – website and service analytics (if used)
  • Government authorities – if required by applicable EU or Polish law.
  • Other entities – only with your consent or in cases provided by law.

All data processors are carefully selected and bound by contractual data processing agreements (DPAs) under Article 28 GDPR.

6. International Data Transfers

Your personal data may be transferred outside the European Union. We ensure that appropriate safeguards are in place to protect your data in accordance with GDPR requirements:

  • Using Standard Contractual Clauses (SCCs) where required
  • Selecting service providers with EU-US Data Privacy Framework certification (where applicable)
  • Ensuring recipients provide adequate protection under GDPR Chapter V

For more information about international transfers and safeguards, please use the form on the main page to contact us.

6.1. Data Hosting Locations

Your data is stored in the following locations:

  • Database: Hosted with MongoDB Atlas in EU (Frankfurt, Germany)
  • File storage: Cloudflare R2 with global edge locations. Files may be stored in various geographic regions for performance and redundancy.
  • Application: Hosted with Hostkey in Netherlands
  • Logs/analytics: Server logs stored on Hostkey (Netherlands), user analytics with PostHog (EU region)

6.2. Subprocessors

We use the following subprocessors to provide the Service:

  • MongoDB Atlas – Database hosting. Location: Frankfurt, Germany (EU)
  • Cloudflare R2 – File storage (calibration certificates, reports). Location: Global network with EU presence
  • Hostkey – Application hosting. Location: Netherlands
  • PostHog – Analytics and user behavior tracking. Location: EU region
  • Resend – Transactional email delivery (calibration reminders, notifications). Location: Global infrastructure
  • Stripe – Payment processing (when subscriptions are enabled). Location: Global infrastructure with EU presence

All subprocessors are carefully selected and bound by contractual data processing agreements (DPAs) under Article 28 GDPR. For a complete list of subprocessors or to object to a new subprocessor, please use the form on the main page to contact us.

7. Data Retention Period

Your personal data will be stored:

  • User account information – for the duration of using the Service, then for a period required by law (typically 5-10 years after account closure for Polish tax purposes).
  • Transaction and accounting information – for a period of 5-10 years from the end of the financial year in which the transaction occurred, as required by Polish tax regulations.
  • Analytical information – for a period of 24 months.
  • Legal claims – for the period of limitation of claims (typically 6-10 years in Poland/EU).

8. Your Rights under GDPR

Under GDPR and applicable Polish law, you have the following rights:

  • Right of access (Article 15 GDPR) – you may request access to data we hold about you.
  • Right to rectification (Article 16 GDPR) – you may request correction of inaccurate data.
  • Right to erasure ("right to be forgotten") (Article 17 GDPR) – you may request deletion of your data in certain circumstances.
  • Right to restriction of processing (Article 18 GDPR) – you may request limiting how we use your data.
  • Right to data portability (Article 20 GDPR) – you may request your data in a structured, commonly used format.
  • Right to object (Article 21 GDPR) – you may object to processing based on legitimate interest.
  • Right to withdraw consent – you may withdraw consent for marketing at any time.
  • Right to lodge a complaint – you may lodge a complaint with the Polish supervisory authority (UODO) or your local data protection authority.

To exercise these rights, please use the form on the main page to contact us.

9. Cookies and Similar Technologies

The Service uses cookies – small text files stored on your device. We use:

  • Essential cookies – necessary for the Service to function.
  • Analytical cookies – for statistical purposes.
  • Functional cookies – to remember preferences.

You can manage cookies in your browser settings. Disabling essential cookies may limit Service functionality.

10. Data Security

We take appropriate technical and organisational measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction, including:

  • Data transmission encryption (industry-standard TLS)
  • Data encryption at rest
  • Access control
  • Regular system updates
  • Breach response procedures

Despite the security measures in place, we cannot guarantee complete security of data transmission via the Internet.

11. Data Breaches

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you without undue delay in accordance with GDPR Article 34. We will also notify the supervisory authority where required under GDPR Article 33.

12. Policy Changes

We reserve the right to change this Privacy Policy. Users will be informed of significant changes by email or through a notice in the Service.

Have questions?

Contact us at contact@labcalibrate.com or use the form on the main page.