AboutHow it worksBenefitsWorkMemberships

Privacy policy

Last updated: 9 December 2025

This privacy policy explains how I collect, use and protect personal data when you visit www.filip.design or contact me.

By using this website, you acknowledge that you have read this policy.

1. Data controller

The data controller responsible for your personal data is:

Name: Michał Filip

Country: Poland

Email: michal@filip.design

Website: https://www.filip.design

If you have any questions about this policy or how your data is handled, you can contact me at the email above.

2. Personal data I process

2.1 Information you provide directly

This website does not use any contact forms or submission widgets.

If you choose to contact me directly (for example by email), I may process:

  • Your email address
  • Your name (if included in your email or signature)
  • The content of your message and any attachments
  • Any project details you choose to share (e.g. company, role, budget, timelines)

I only receive this information when you actively decide to send it.

2.2 Information collected automatically

When you visit the website, some technical data may be collected automatically by the hosting infrastructure, such as:

  • IP address and approximate location (city/country level)
  • Browser type and version
  • Device type and operating system
  • Referring site (if any)
  • Pages visited and basic usage information
  • Date and time of your visit

This information is typically stored in server logs and is used to keep the site secure and functioning correctly.

3. Cookies and tracking

This site is hosted on a third-party platform (Webflow). Webflow may set essential cookies that are necessary for:

  • Delivering the website content to you
  • Balancing load and performance
  • Basic security and abuse prevention

I do not use:

  • Any newsletter or mailing list
  • Any contact submission forms
  • Any third-party embeds such as YouTube, social media feeds, or chat widgets
  • Any marketing or advertising trackers

I also do not intentionally use analytics tools that set tracking cookies or build behavioural profiles across websites.

You can control or delete cookies in your browser settings at any time.

4. Purposes and legal bases for processing

I process personal data only where there is a valid legal basis under the GDPR.

4.1 Responding to enquiries and potential projects

Purpose:

To read, store and respond to messages you send directly (e.g. by email), and to discuss potential work or collaboration.

Data:

Email address, name (if provided), message content, attachments, and project details.

Legal basis:

  • Article 6(1)(b) GDPR – steps taken at your request prior to entering into a contract
  • Article 6(1)(f) GDPR – my legitimate interest in responding to enquiries and operating my professional practice

4.2 Operating and securing the website

Purpose:

To ensure the website is delivered correctly, secure, and protected from abuse (for example, DDoS attacks, misuse and technical issues).

Data:

Technical information and server logs, including IP addresses.

Legal basis:

  • Article 6(1)(f) GDPR – my legitimate interest in running a functional, secure website

5. How long I keep your data

I keep personal data only for as long as necessary for the purposes described above:

  • Email correspondence and project-related communication: typically kept for up to 3 years for reference, legal, and documentation purposes, unless a longer period is required by law (for example, accounting and tax rules) or unless you request deletion earlier and there is no legal reason to keep it.
  • Technical logs (hosting provider): typically kept for a limited period determined by the hosting provider, usually in the order of days to a few months, to maintain security and debug technical issues.

Where legal obligations require longer retention (for example, tax and accounting records), I will comply with those requirements.

6. Who processes your data

I do not sell your personal data.

Personal data may be processed by trusted service providers who help operate the website and communication channels, for example:

  • Website hosting provider (Webflow) – to serve the website and maintain technical logs
  • Email service provider – to send, receive and store email communications
  • Cloud backup or storage services – if I back up emails or project files

These providers act as data processors and process personal data only according to my instructions and under appropriate contractual and technical safeguards.

I may also disclose data if required by law or to protect my legal rights (for example, in response to a lawful request by authorities).

7. International data transfers

Some service providers involved in hosting the website or handling email may be located outside the European Economic Area (EEA).

When personal data is transferred outside the EEA, I aim to ensure that at least one of the following applies:

  • The European Commission has recognised the destination country as providing an adequate level of data protection, or
  • The transfer is subject to appropriate safeguards, such as standard contractual clauses (SCCs) or equivalent mechanisms.

You can contact me at michal@filip.design for more detail on specific providers and safeguards used.

8. Your rights under GDPR

If you are in the EU/EEA or the UK, you have the following rights regarding your personal data:

  • Right of access – to know whether I process your data and to receive a copy.
  • Right to rectification – to request correction of inaccurate or incomplete data.
  • Right to erasure – to request deletion of your data, where there is no legal obligation or overriding legitimate interest to keep it.
  • Right to restriction of processing – to request that processing is limited in certain circumstances.
  • Right to data portability – to receive your data in a structured, commonly used and machine-readable format where processing is based on consent or contract and carried out by automated means.
  • Right to object – to object to processing based on legitimate interests, in which case I will stop processing unless there are compelling legitimate grounds or legal obligations.
  • Right to withdraw consent – where processing is based on your consent, you can withdraw it at any time (without affecting the lawfulness of processing carried out before withdrawal).

To exercise any of these rights, contact me at: michal@filip.design.

You also have the right to lodge a complaint with a supervisory authority.

In Poland, this is:

Urząd Ochrony Danych Osobowych (UODO)

Website: https://uodo.gov.pl

If you live in another EU/EEA country, you can also contact your local data protection authority.

9. Third-party links

This website may contain links to external websites (for example, client websites, articles, or profiles).

I am not responsible for the privacy practices or content of those third-party sites.

You should review the privacy policies of any external sites you visit.

10. Children’s privacy

This website and my services are not directed at children under the age of 16.

I do not knowingly collect personal data from children.

If you believe I have inadvertently collected data relating to a child under 16, please contact me at michal@filip.design so it can be removed.

11. Changes to this privacy policy

I may update this privacy policy from time to time to reflect:

  • Changes in legal or regulatory requirements
  • Changes in the tools and services used on the website
  • Changes in how I operate my professional practice

The latest version will always be available on www.filip.design, with the “Last updated” date shown at the top of the page.