Privacy Policy – PawlakAcademy.com

Effective date: 15.08.2025

At PawlakAcademy.com, your privacy is a priority. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR).

1. Who We Are

The data controller is:

Dr. Paweł Pawlak (PawlakAcademy.com)
Registered in Poland
MAGNIS CENTRUM PAWEŁ PAWLAK

Obywatelska 102/104/308

94-118 Łódź

NIP: 727-257-26-36

REGON: 100080102
Email: [email protected]
Website: https://pawlakacademy.com

Data Protection Officer (DPO): At this time, we are not required to appoint a Data Protection Officer under GDPR Article 37. However, if you have questions about data protection, please contact us at [email protected] and your inquiry will be handled by our designated privacy team.

Note: If our data processing activities change in a way that requires a DPO appointment (e.g., large-scale systematic monitoring or large-scale processing of special category data), we will appoint one and update this section accordingly.

2. What Data We Collect

We may collect and process the following personal data when you interact with our site:

For all users:

• First name
• Email address
• IP address
• Website usage (via cookies or analytics tools)
• Other data you voluntarily submit (e.g. survey answers, contact forms)

When you purchase our products or services:

• Full name
• Billing address (Address Line 1, Apt/Suite/Etc, City, State/Province/Region, Zip/Postal Code, Country)
• Tax ID (if applicable)
• Payment information (processed securely by our payment processors - we do not store complete credit card details)
• Purchase history and transaction records
• Subscription status and preferences
• Communication preferences

Through affiliate program:

• Referral data and tracking information
• Affiliate account details
• Payment information for commission payments

2A. Purchase of Products and Services

We offer various educational products and services including:

• MBAinAction: Real Leadership Skills for Real Leaders – available as subscription and one-time purchase
• MBAinAction + Coaching – premium subscription service
• MBAinAction for New Role – specialized course
• MBAinAction for Teams – group programs
• Negotiations course – specialized training

When you purchase any of our products or subscribe to our services, we collect the information necessary to process your order, deliver the product, provide customer support, and fulfill our legal obligations (including tax and accounting requirements).

Subscription Services

Our subscription products automatically renew according to the billing cycle you selected (monthly or annual) unless you cancel before the renewal date. You can manage your subscription and cancel at any time through your account dashboard or by contacting us.

3. How and Why We Use Your Data

We collect your data for the following purposes:

For free content and newsletter:

• To send you the free ebook and onboarding email sequence
• To subscribe you to our newsletter
• To provide educational content, updates, and relevant offers
• To improve our services and website experience via analytics

For purchases and paid services:

• To process your orders and payments
• To deliver purchased products and services
• To provide customer support
• To send transactional emails (order confirmations, receipts, account updates)
• To manage subscriptions and renewals
• To comply with tax and accounting obligations
• To detect and prevent fraud
• To send you product updates and relevant communications about your purchases

For marketing and promotions:

• To send you promotional offers, discount codes, and coupons (only if you opted in)
• To inform you about new products and special offers

We send our newsletter no more than once per week, and only if you have opted in via our website form. You can unsubscribe at any time by clicking the "unsubscribe" link in any email or contacting us directly.

Our newsletter typically contains educational content related to leadership, industry updates, and occasional offers for our premium courses or services.

3A. Affiliate Program

We operate an affiliate program that allows partners to earn commissions by referring customers to our products.

For affiliate partners, we collect:

• Contact and account information
• Referral tracking data (via cookies and tracking links)
• Payment information for commission payments
• Performance metrics and analytics

For customers referred by affiliates:

• We use cookies and tracking mechanisms to attribute purchases to the referring affiliate
• This data is used solely for commission calculation and program management
• Affiliate cookies typically expire after 30-90 days

If you do not wish to be tracked through affiliate links, you can clear your cookies or visit our website directly.

3B. Coupons, Discounts, and Promotions

We may offer promotional codes, discount coupons, and special offers to our subscribers and customers. When you use a coupon or participate in a promotion:

• We track coupon usage for validation and fraud prevention
• We may analyze promotional campaign effectiveness
• We may send you relevant offers based on your interests (if you opted in to marketing communications)

4. Legal Basis for Processing

We process your personal data on the following legal grounds:

• Consent: When you opt-in to receive our newsletter, free ebook, marketing communications, or submit your information through our forms
• Contract: When necessary to fulfill our obligations to you (e.g., delivering purchased products, processing payments, managing subscriptions)
• Legitimate Interest: To improve our website and services, respond to your inquiries, send relevant content to existing subscribers, prevent fraud, and manage our affiliate program
• Legal Obligation: When required to comply with applicable laws and regulations (e.g., tax laws, accounting requirements, consumer protection laws)

5. How Long We Store Your Data

We store your data for specific periods as required by law and business necessity:

For newsletter subscribers:

• Active subscription: as long as you are subscribed to our newsletter
• After unsubscribing: up to 3 years for legitimate business interests (e.g., to honor opt-out requests)
• Upon deletion request: immediately, except where legal retention applies

For customers:

• Transaction records and invoices: 5 years from the end of the tax year in which the transaction occurred (required by Polish tax law - Article 70 § 1 of the Tax Ordinance Act)
• Payment data: processed and stored by payment processors; we do not retain full payment card details
• Account information: as long as you have an active account or active subscription, plus 30 days after account closure
• Customer support records: 3 years after the last interaction
• Marketing communications data: 3 years from your last interaction with our marketing communications (or until you withdraw consent)
• Course access and progress: as long as you have an active subscription or lifetime access to purchased products

For affiliate partners:

• Active relationship: as long as the affiliate relationship is active
• Commission records: 5 years from the end of the tax year (required by Polish tax law)
• After relationship ends: 12 months for operational purposes, then archived for tax purposes

System logs and security data:

• 12 months for security monitoring and fraud prevention

Cookie data:

• Analytics cookies: up to 26 months
• Marketing cookies: up to 13 months
• Essential cookies: session-based or up to 12 months

We regularly review our data retention practices to ensure compliance with applicable laws.

6. Your Rights Under GDPR

You have the right to:

• Access your personal data
• Correct or update your data
• Request deletion of your data (subject to legal retention requirements)
• Object to processing
• Request restriction of processing
• Data portability
• Withdraw consent at any time
• File a complaint with a supervisory authority (in Poland: Urząd Ochrony Danych Osobowych - UODO)

To exercise any of these rights, contact us at [email protected]

You can unsubscribe from our newsletter at any time by clicking the link in any email or by contacting us directly.

Please note: Some data may need to be retained for legal compliance (e.g., transaction records for tax purposes) even if you request deletion.

6A. Consumer Rights Related to Purchases

In addition to your GDPR rights, as a consumer you have:

Right to cancel/withdraw (EU consumers):

• You have 14 days to cancel your purchase of digital content if you have not yet started accessing it
• For digital products where access begins immediately, you may waive the 14-day withdrawal right by agreeing to immediate access at checkout
• For ongoing subscriptions, you can cancel at any time through your account or by contacting us

Right to refund:

• Our refund policy is outlined in our Terms and Conditions
• For subscription services, if you cancel during a billing period, you will retain access until the end of that period

Access to your purchase:

• You can access your purchased products through your account dashboard
• You will receive email confirmations with access instructions

To exercise these rights, contact us at [email protected] or manage your account through your dashboard.

7. Third-Party Services

We use trusted external platforms that may process your data on our behalf. All third-party providers comply with GDPR or equivalent data protection frameworks and act as data processors under our instruction.

Platform and course delivery:

• Kajabi, LLC (USA): Provides our website hosting, course platform, email automation, payment processing, and customer relationship management
• Role: Data processor
• Data processed: All customer and user data described in Section 2
• Safeguards: EU-US Data Privacy Framework, Standard Contractual Clauses
• Privacy policy: https://kajabi.com/privacy

Analytics:

• Google Analytics (Google LLC, USA): Website usage analytics
• Role: Data processor
• Data processed: IP addresses (anonymized), device information, browsing behavior, demographics
• Safeguards: Standard Contractual Clauses, IP anonymization enabled
• Opt-out: https://tools.google.com/dlpage/gaoptout
• Privacy policy: https://policies.google.com/privacy

Payment processors:

• Stripe, Inc. (USA): Credit/debit card payment processing
• Role: Independent data controller for payment data
• Data processed: Payment card information, billing address, transaction details
• Safeguards: PCI-DSS Level 1 certified, EU-US Data Privacy Framework, Standard Contractual Clauses
• We do not store complete credit card information on our servers
• Privacy policy: https://stripe.com/privacy
• PayPal, Inc. (USA): PayPal payment processing
• Role: Independent data controller for payment data
• Data processed: PayPal account information, transaction details
• Safeguards: PCI-DSS certified, EU-US Data Privacy Framework, Standard Contractual Clauses
• Privacy policy: https://www.paypal.com/privacy

Affiliate tracking:

• KAJABI AFFILIATE PROGRAM: Tracking and managing affiliate partnerships
• Role: Data processor
• Data processed: Referral data, cookies, commission information
• Retention: Cookies expire after 30-90 days

Email service:

• Email delivery is handled through Kajabi's infrastructure, which uses industry-standard email delivery services

Customer support:

• Customer support communications may be managed through Kajabi or email systems that comply with GDPR

Your Control Over Third-Party Services

Analytics opt-out: You can prevent Google Analytics from recognizing you on return visits by disabling cookies in your browser or using the Google Analytics opt-out browser add-on.

Advertising cookies: You can opt out of targeted advertising through:

• Our cookie consent banner
• Browser privacy settings
• Industry opt-out platforms like http://www.aboutads.info/choices/ or http://www.youronlinechoices.eu/

Payment processor choice: We offer multiple payment options so you can choose your preferred processor.

Changes to Third-Party Services

We regularly review our third-party service providers. If we add new processors or change existing ones:

• We will update this list
• For significant changes, we will notify existing customers
• You may object to new processors (see Section 16)

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These include:

• Encryption of data in transit (SSL/TLS) and at rest where appropriate
• PCI-DSS compliance through our payment processors for payment card data
• Regular security assessments and vulnerability testing
• Access controls and authentication procedures
• Staff training on data protection
• Secure data backup procedures
• Fraud detection mechanisms for transactions

Despite these measures, no internet transmission is completely secure. We cannot guarantee absolute security of data transmitted to our website.

9. International Data Transfers

Although this website is operated from the EU (Poland), the data we collect may be processed outside the European Economic Area (EEA). Some of our third-party service providers (such as Kajabi, Stripe, PayPal) may be based in the United States or other countries.

When transferring data outside the EEA, we ensure appropriate safeguards are in place:

For transfers to the United States:

• EU-US Data Privacy Framework: We work with service providers certified under the EU-US Data Privacy Framework, which replaced the Privacy Shield and provides adequate protection for EU personal data
• Standard Contractual Clauses (SCCs): We use European Commission-approved Standard Contractual Clauses with processors not covered by adequacy decisions

For transfers to other countries:

• We assess the adequacy of protection in the destination country
• We implement appropriate contractual, technical, and organizational measures
• We use SCCs or other legally approved transfer mechanisms where necessary

Specific processor safeguards:

• Kajabi, LLC (USA): EU-US Data Privacy Framework participant and Standard Contractual Clauses
• Stripe (USA): EU-US Data Privacy Framework participant and Standard Contractual Clauses
• PayPal (USA): EU-US Data Privacy Framework participant and Standard Contractual Clauses
• Google Analytics: Standard Contractual Clauses and enhanced data protection settings

By submitting your data and making purchases, you acknowledge and agree to its transfer and processing according to this policy. We continuously monitor international data protection developments to ensure ongoing compliance.

10. Cookies

We use cookies to improve website functionality, measure traffic, and enable essential features. We use the following types of cookies:

• Necessary cookies: Essential for the website to function properly (e.g., shopping cart, authentication)
• Preference cookies: Allow the website to remember choices you make
• Analytics cookies: Help us understand how visitors interact with our website
• Marketing cookies: Used to track visitors across websites to display relevant advertisements
• Affiliate tracking cookies: Used to attribute purchases to referring affiliates (typically 30-90 day expiration)

You may refuse cookies in your browser settings or through our cookie consent banner. Please note that disabling certain cookies may affect website functionality, including the ability to make purchases.

11. Data Breach Procedures

We take data security seriously and have established comprehensive procedures to handle potential personal data breaches in compliance with GDPR Article 33 and 34.

Our Response Process

In the event of a personal data breach that may pose a risk to your rights and freedoms, we will:

1. Detection and Assessment (0-24 hours):

• Detect and contain the breach immediately
• Assess the nature, scope, and potential consequences
• Determine the type and volume of personal data affected
• Identify affected individuals
• Evaluate the risk level (low, medium, high)

2. Supervisory Authority Notification (within 72 hours):

• Notify the Polish Data Protection Authority (UODO) within 72 hours of becoming aware of the breach (as required by GDPR Article 33)
• Provide detailed information including:
• Nature of the breach
• Categories and approximate number of affected individuals
• Categories and approximate number of affected personal data records
• Name and contact details of our data protection contact
• Description of likely consequences
• Measures taken or proposed to address the breach and mitigate harm

3. Individual Notification (without undue delay): If the breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and provide:

• Description of the breach in clear, plain language
• Name and contact details of our data protection contact
• Description of likely consequences
• Description of measures taken or proposed to address the breach
• Recommendations to mitigate potential adverse effects (e.g., changing passwords, monitoring accounts)

4. Documentation: We maintain a register of all data breaches (regardless of severity) documenting:

• Facts of the breach
• Its effects
• Remedial action taken
• This documentation is available for review by supervisory authorities

When We May Not Notify You Individually

We may not be required to notify affected individuals if:

• We implemented appropriate technical and organizational protection measures (e.g., encryption) that render the data unintelligible to unauthorized persons
• We have taken subsequent measures ensuring the high risk is no longer likely to materialize
• Individual notification would require disproportionate effort (in which case we will make a public communication or similar measure)

Your Response to a Breach

If we notify you of a breach, we recommend you:

• Follow any specific instructions provided in our notification
• Change your password immediately if credentials may have been compromised
• Monitor your accounts and transactions for suspicious activity
• Enable two-factor authentication if available
• Consider placing fraud alerts on financial accounts if payment information was affected
• Report any suspicious activity to us and relevant authorities

Preventing Breaches

We proactively work to prevent breaches through:

• Regular security audits and penetration testing
• Employee training on data protection and security
• Access controls and authentication procedures
• Encryption of sensitive data
• Regular software updates and patches
• Incident response planning and testing
• Vendor security assessments

Reporting Suspected Breaches

If you suspect a data breach or security incident involving your personal data, please immediately contact us at:

• Email: [email protected] 
• Subject line: "URGENT: Potential Data Breach"

Provide as much detail as possible about the suspected breach so we can investigate promptly.

Third-Party Breaches

If a breach occurs at one of our processors (such as Kajabi, Stripe, or PayPal), they are contractually obligated to notify us immediately. We will then assess whether we need to notify you and the supervisory authority according to the procedures above.

12. Automated Decision-Making and Profiling

We use limited automated processing and profiling to improve your experience with our services, but we do not make decisions that produce legal effects or similarly significantly affect you solely through automated means.

What We Do

Profiling for personalization (Article 4(4) GDPR):

• Content recommendations: We may suggest courses or resources based on your previous purchases, browsing history, and course completion rates
• Email personalization: We segment our email list based on your engagement (which emails you open, which links you click) to send more relevant content
• Learning path optimization: If you're enrolled in our courses, we may suggest next steps based on your progress and performance
• Behavioral analytics: We analyze aggregated user behavior to improve course content and platform functionality

Marketing segmentation:

• Purchase history-based targeting: suggesting related courses or products
• Engagement-based content: sending follow-up materials based on topics you've shown interest in
• Abandoned cart reminders: automated emails if you started but didn't complete a purchase
• Re-engagement campaigns: for inactive subscribers

Your Rights Regarding Profiling

Under GDPR (Article 22) and CCPA, you have the right to:

• Opt out of profiling for marketing purposes at any time by:
• Adjusting your email preferences
• Unsubscribing from marketing emails
• Contacting us at [email protected] 
• Request information about the logic involved in profiling
• Object to profiling on grounds relating to your particular situation
• Request human intervention if you believe an automated decision adversely affects you

Limitations

We DO NOT use automated decision-making or profiling for:

• Determining your eligibility to purchase our products
• Setting personalized pricing (all customers see the same prices unless using publicly available coupon codes)
• Making decisions about refunds or customer support (always reviewed by humans)
• Employment, credit, or other legally significant decisions
• Facial recognition, emotion recognition, or biometric profiling
• Sensitive personal data processing without explicit consent

Transparency

When we use automated processing that significantly affects you, we will:

• Inform you at the time of data collection
• Explain the logic and significance of the processing
• Provide meaningful information about the consequences
• Offer you the right to opt out or object

Third-Party Tools

Some of our service providers (such as email marketing platforms and analytics tools) may perform automated analysis. These activities are:

• Limited to the purposes described in this policy
• Subject to our data processing agreements
• Under our instruction and control
• Subject to your right to opt out

Google Analytics: Uses algorithms to analyze user behavior. You can opt out using Google's opt-out browser add-on.

Email automation (Kajabi): May use engagement signals to optimize email delivery times. This processing is based on our legitimate interest in effective communication.

California Residents (ADMT Rights)

If you are a California resident and we use Automated Decision-Making Technology (ADMT) as defined under CCPA for significant decisions, you have additional rights described in Section 15 of this policy.

13. Children's Privacy

Our services are not directed at children under 16 years of age (the age of consent for processing personal data in Poland under GDPR). We do not knowingly collect personal data from children without proper parental or guardian consent.

Age verification: We may implement age verification mechanisms during registration to ensure compliance with this policy.

Parental consent: If we learn that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to delete that information as quickly as possible.

For parents/guardians: If you believe we have collected data from a child under 16, please contact us immediately at [email protected]  and we will:

• Verify the claim
• Delete the child's data from our systems
• Terminate any accounts or subscriptions associated with the child

Exception: In certain educational contexts where parental consent has been properly obtained, we may process data of users under 16 in compliance with applicable laws.

14. VAT and Tax-Related Data Processing

As we conduct business internationally and are subject to Polish and EU tax regulations, we process certain data for tax compliance purposes:

VAT identification numbers: If you are a business customer from the EU, we may collect and verify your VAT-UE identification number for:

• Determining the correct VAT treatment of transactions
• Issuing proper invoices
• Complying with VIES (VAT Information Exchange System) reporting obligations
• Preventing VAT fraud

VAT OSS (One Stop Shop): For sales to consumers in other EU member states, we use the VAT OSS system to:

• Declare and pay VAT in the country of consumption
• Maintain records of cross-border sales
• Ensure compliance with EU e-commerce VAT rules

Tax ID numbers: We may collect Tax ID numbers where required by local tax regulations (e.g., for reverse charge mechanisms or tax reporting).

International sales: For sales outside the EU, we process transaction data as required by:

• Polish tax authorities (Krajowa Administracja Skarbowa)
• Customs authorities for export documentation
• Local tax requirements in destination countries where applicable

Legal basis: Processing for tax purposes is based on legal obligation (Article 6(1)(c) GDPR) as we are required to comply with tax laws.

Retention: Tax-related data is retained for 5 years from the end of the tax year in which the transaction occurred, as required by Polish Tax Ordinance Act (Article 70 § 1).

15. Rights of California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

Applicability

These rights apply if you are a natural person who resides in California, even if temporarily outside the state.

Your California Rights

1. Right to Know You have the right to request that we disclose:

• Categories of personal information we have collected about you
• Categories of sources from which we collected the information
• Our business or commercial purpose for collecting or selling the information
• Categories of third parties with whom we share personal information
• Specific pieces of personal information we have collected about you

2. Right to Delete You have the right to request deletion of your personal information that we have collected, subject to certain exceptions (e.g., completing transactions, legal compliance, fraud prevention, exercising free speech).
3. Right to Correct You have the right to request correction of inaccurate personal information we maintain about you.
4. Right to Opt-Out of Sale/Sharing While we do not sell your personal information for monetary consideration, we may allow third parties (such as analytics and advertising services) to collect your information via automated technologies on our website.

To opt-out of this "sale" or "sharing" under CCPA:

• Use the "Do Not Sell or Share My Personal Information" link in our website footer
• Adjust your cookie preferences in our cookie banner
• Enable Global Privacy Control (GPC) in your browser

5. Right to Limit Use of Sensitive Personal Information If we use or disclose sensitive personal information for purposes beyond what is necessary to provide our services, you have the right to limit such use.
6. Right to Opt-Out of Automated Decision-Making (ADMT) If we use automated decision-making technology to make significant decisions about you (such as eligibility for services, pricing, or access to content), you have the right to:

• Be notified of such use
• Opt-out of automated decision-making
• Request human review of automated decisions
• Access information about the logic involved in automated decisions

7. Right to Non-Discrimination We will not discriminate against you for exercising any of your CCPA rights, including by:

• Denying goods or services
• Charging different prices or rates
• Providing different quality of services
• Suggesting you will receive different prices or quality of services

Categories of Personal Information We Collect (California-specific)

Under CCPA, we collect the following categories of personal information:

• Identifiers: Name, email address, IP address, device identifiers, online identifiers
• Commercial Information: Purchase history, transaction records, subscription information
• Internet Activity: Browsing history, interaction with our website, search history
• Geolocation Data: Approximate location based on IP address
• Inferences: Preferences, interests, behavioral profiles for content personalization
• Financial Information: Processed by payment processors (we do not store complete card details)
• Professional Information: If provided, such as job title or company name

How to Exercise Your California Rights

To exercise your rights under CCPA, you may:

• Email us: [email protected] 
• Submit a request through your account dashboard (for registered users)
• Call us: +48 792 655 477

Verification: We will verify your identity before processing requests using information we have collected. We may ask you to provide additional information to verify your identity.

Authorized agents: You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization and we may require you to verify your identity directly with us.

Response time: We will respond to verifiable requests within 45 days of receipt. If we need more time, we will notify you of the reason and extension period (up to 90 days total).

No fee: You may exercise these rights free of charge, unless your request is manifestly unfounded, excessive, or repetitive.

Do Not Track Signals

Our website currently does not respond to "Do Not Track" browser signals, but we do honor Global Privacy Control (GPC) signals for California residents.

California "Shine the Light" Law

California Civil Code Section 1798.83 permits California residents to request information about our disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

California Residents Under 18

If you are a California resident under 18 and a registered user, you may request removal of content you posted publicly. Contact us at [email protected]. Note that removal does not ensure complete deletion from all systems.

Data Broker Registration

We are not a data broker as defined by California law and are not required to register with the California Attorney General as a data broker.

Contact for California Privacy Matters

For questions specifically about your California privacy rights: Email: [email protected]
Designated Privacy Contact: Dr. Paweł Pawlak

You also have the right to lodge a complaint with the California Privacy Protection Agency (CPPA) at: https://cppa.ca.gov

16. Data Processing Agreements and Subprocessors

We have entered into Data Processing Agreements (DPAs) with all third-party service providers who process personal data on our behalf. These agreements ensure that:

• Processors only process data according to our documented instructions
• Processors implement appropriate technical and organizational security measures
• Processors assist us in responding to data subject rights requests
• Processors notify us of any data breaches
• Processors allow for audits and inspections

List of subprocessors: A current list of all subprocessors (data processors) is available upon request by contacting [email protected]

Changes to subprocessors: We will notify existing customers of any changes to our subprocessors at least 30 days in advance, allowing you to object to such changes.

17. Governing Law and Jurisdiction

This Privacy Policy is governed by and construed in accordance with the laws of Poland and the European Union, particularly:

• General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679
• Polish Act on Personal Data Protection of 10 May 2018
• Polish Civil Code
• Polish Consumer Rights Act

Jurisdiction: Any disputes arising from this Privacy Policy shall be subject to the exclusive jurisdiction of the courts in Poland, specifically the courts having jurisdiction over our registered address in Lodz, Poland.

Consumer protection: Nothing in this clause affects your statutory rights as a consumer in your country of residence, including the right to bring proceedings in the courts of your country of residence.

International users: By using our services, you consent to the application of Polish and EU law. If you are accessing our services from outside the EU, you acknowledge that your data will be transferred to and processed in the EU.

18. Reviews and Testimonials

If we publish customer reviews, testimonials, or ratings on our website or in marketing materials:

Verification: We implement mechanisms to verify that reviews come from actual customers who have purchased our products or services. Reviews are marked as "verified purchase" where applicable.

Authenticity: We do not:

• Post fake reviews
• Offer incentives for positive reviews (unless clearly disclosed)
• Suppress negative reviews (except where they violate our terms, contain offensive content, or are fraudulent)

Moderation: We may moderate reviews to remove:

• Personal data of third parties
• Offensive, discriminatory, or illegal content
• Spam or irrelevant content
• Reviews that violate our terms of service

Your rights: If you have submitted a review and wish to:

• Edit or update your review: contact us at [email protected]
• Delete your review: we will honor reasonable deletion requests
• Remain anonymous: you may use a pseudonym (but we retain your identity internally for verification)

Compliance: Our review practices comply with the EU Omnibus Directive and consumer protection regulations.

18A. Digital Services Act (DSA) Compliance

As a provider of online services in the European Union, we comply with the Digital Services Act (Regulation (EU) 2022/2065).

Content moderation: If our platform allows user-generated content (such as comments, forum posts, or course discussions), we:

• Clearly communicate our content moderation policies
• Provide reasons for content removal or restriction decisions
• Allow users to contest moderation decisions

Illegal content reporting: Users may report potentially illegal content by:

• Using the "Report" function on our platform (if available)
• Contacting us at [email protected] with subject line "DSA: Illegal Content Report"

We will acknowledge receipt and take appropriate action according to DSA requirements.

Transparency: We publish transparency reports (when required by law) regarding:

• Content moderation decisions
• Illegal content reports received and actions taken
• Cooperation with authorities

Algorithm transparency: If we use recommender systems (algorithms that suggest content or products), we provide information about:

• Main parameters determining content suggestions
• Options for users to modify or influence recommendations
• Available opt-out mechanisms

Trusted flaggers: We may work with trusted flaggers designated under DSA for identifying illegal content.

Our DSA status: We are NOT a Very Large Online Platform (VLOP) as we do not have more than 45 million average monthly active recipients in the EU. Therefore, certain enhanced DSA obligations do not apply to us, but we still maintain high standards of transparency and user protection.

19. Updates and Amendments to This Policy

We may update this policy from time to time to reflect changes in our practices, legal requirements, or service offerings.

If we do, we'll:

• Post the updated version here with a revised effective date
• For significant changes, notify you via email if we have your contact details
• For changes affecting existing customers, provide reasonable notice before changes take effect

We encourage you to review this policy periodically.

20. Contact

If you have any questions, concerns, or wish to exercise your rights, please contact:

Dr. Paweł Pawlak
Email: [email protected]
Website: https://pawlakacademy.com

For data protection matters, you can also contact: Polish Data Protection Authority (UODO)
Website: https://uodo.gov.pl

Last updated: 15.08.2025