Effective Date: June 2, 2025 | Last Updated: June 2, 2025
Important Notice
This Privacy Policy governs the collection, processing, and protection of personal data by the FORBRS Poland-Qatar Technology Initiative. By accessing or using our website, services, or submitting any information through our platforms, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
Jurisdiction: This policy is governed by Polish law and European Union data protection regulations, with international cooperation provisions for Qatar-based users.
1. Data Controller and Legal Basis
1.1 Data Controller Identification
FORBRS Poland-Qatar Technology Initiative acts as the data controller for all personal data collected through this website and related services.
- Legal Entity: [Forbrs.com - Handlujemy.pl sp. z o.o.]
- Registration: Poland, European Union
- Server Location: Republic of Poland, European Union
- Data Protection Officer Contact: qatar@forbrs.com
- Primary Contact: qatar@forbrs.com
Legal Basis: Article 6(1) GDPR - Processing necessary for legitimate interests (Article 6(1)(f)) and consent (Article 6(1)(a)) where applicable.
1.2 International Cooperation Framework
Given our Poland-Qatar technology partnership, this policy addresses cross-border data processing in compliance with:
- European Union General Data Protection Regulation (GDPR)
- Polish Personal Data Protection Act
- Qatar Data Protection Law (Law No. 13 of 2016)
- International data transfer agreements and adequacy decisions
2. Categories of Personal Data Collected
2.1 Partnership Inquiry Data
When you submit partnership inquiries through our contact forms, we collect:
| Data Category |
Specific Data Points |
Legal Basis |
Retention Period |
| Identity Data |
Full name, company representative designation |
Legitimate Interest (Art. 6(1)(f)) |
7 years from last contact |
| Contact Data |
Email address, phone number |
Legitimate Interest (Art. 6(1)(f)) |
7 years from last contact |
| Professional Data |
Company name, country of operation, partnership type interest |
Legitimate Interest (Art. 6(1)(f)) |
7 years from last contact |
| Communication Data |
Inquiry messages, correspondence content |
Legitimate Interest (Art. 6(1)(f)) |
7 years from last contact |
| Technical Data |
IP address, browser user agent, submission timestamp |
Legitimate Interest (Art. 6(1)(f)) |
2 years from collection |
2.2 Website Analytics and Technical Data
During your website visit, we may automatically collect:
- IP addresses (anonymized after 12 months)
- Browser type and version information
- Operating system details
- Access times and referring website information
- Pages visited and time spent on our website
- Device characteristics and screen resolution
3. Purposes and Legal Basis for Processing
3.1 Primary Processing Purposes
Legitimate Interest Processing (Article 6(1)(f) GDPR):
- Partnership Development: Evaluating and responding to strategic partnership inquiries
- Business Communication: Facilitating Poland-Qatar business relationships
- Technology Advancement: Supporting our organic search engine development initiative
- Diplomatic Relations Support: Contributing to Poland-Qatar bilateral economic cooperation
- Security and Fraud Prevention: Protecting our systems and users from malicious activities
Consent-Based Processing (Article 6(1)(a) GDPR):
- Marketing Communications: Sending updates about our technology initiative (opt-in required)
- Newsletter Subscriptions: Providing regular updates on Poland-Qatar cooperation progress
- Event Invitations: Informing about partnership events and technology demonstrations
3.2 Balancing Test for Legitimate Interests
We have conducted a comprehensive balancing test to ensure our legitimate interests do not override your fundamental rights and freedoms:
Our Legitimate Interests:
- Facilitating international technology cooperation between Poland and Qatar
- Developing innovative search engine technology for business connections
- Supporting diplomatic and economic relations between EU and Qatar
- Maintaining business operations and security
Your Rights and Interests:
- Right to privacy and data protection
- Expectation of reasonable data use for stated purposes
- Right to control and access your personal information
- Protection from unexpected or intrusive processing
Conclusion: Our processing is necessary for legitimate business purposes and does not unreasonably impact your rights.
4. Data Sharing and International Transfers
4.1 Data Recipients
Your personal data may be shared with the following categories of recipients:
- Internal Team Members: Authorized FORBRS staff involved in partnership evaluation and business development
- Polish Government Entities: When required for diplomatic cooperation purposes (legal obligation basis)
- Qatari Partner Organizations: Legitimate business partners involved in technology cooperation (with appropriate safeguards)
- Technical Service Providers: IT infrastructure providers, hosting services, and security providers (under data processing agreements)
- Legal and Professional Advisors: Lawyers, accountants, and consultants bound by professional confidentiality
- Regulatory Authorities: When required by law or regulation
4.2 International Data Transfers
Given our Poland-Qatar cooperation mandate, personal data may be transferred internationally under the following safeguards:
| Transfer Destination |
Legal Safeguard |
Purpose |
Data Categories |
| State of Qatar |
Standard Contractual Clauses (SCCs) + Additional Safeguards |
Partnership evaluation and business cooperation |
Professional and Contact Data only |
| Other EU Countries |
GDPR adequacy (intra-EU transfers) |
Technical infrastructure and support |
All categories as necessary |
| Third Countries (if applicable) |
Adequacy decisions or appropriate safeguards (Art. 46 GDPR) |
Technical services only |
Pseudonymized technical data |
Transfer Impact Assessment: We have conducted Transfer Impact Assessments (TIAs) for all international transfers to ensure adequate protection levels.
5. Data Retention and Deletion
5.1 Retention Periods
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:
- Partnership Inquiry Data: 7 years from last meaningful contact or business interaction
- Technical Logs: 2 years from collection (anonymized after 12 months)
- Marketing Consent Records: 3 years from withdrawal of consent
- Legal Correspondence: 10 years or as required by applicable legal proceedings
- Financial Records: As required by Polish tax and accounting legislation (minimum 5 years)
5.2 Secure Deletion Procedures
Upon expiration of retention periods, we implement secure deletion procedures:
- Digital data: Cryptographic erasure and multi-pass overwriting
- Backup systems: Systematic purging from all backup and archive systems
- Physical media: Secure destruction following industry standards
- Third-party systems: Documented deletion confirmations from data processors
6. Your Data Protection Rights
6.1 GDPR Rights
As a data subject, you have the following rights under GDPR:
- Right of Access (Article 15): Request copies of your personal data and information about processing
- Right to Rectification (Article 16): Request correction of inaccurate or incomplete data
- Right to Erasure (Article 17): Request deletion of your data under specific circumstances
- Right to Restrict Processing (Article 18): Request limitation of processing under certain conditions
- Right to Data Portability (Article 20): Request transfer of your data in a structured format
- Right to Object (Article 21): Object to processing based on legitimate interests or direct marketing
- Rights regarding Automated Decision-Making (Article 22): Protection from solely automated decision-making
6.2 How to Exercise Your Rights
To exercise any of your data protection rights:
Contact Methods:
- Email: privacy@forbrs.com (preferred method)
- Subject Line: "Data Protection Rights Request - [Your Name]"
- Required Information: Full name, email address, specific right being exercised, and verification details
- Response Time: Maximum 30 days from receipt of verified request
- Identity Verification: May be required to prevent unauthorized access
6.3 Right to Lodge a Complaint
You have the right to lodge a complaint with relevant supervisory authorities:
- Poland: Personal Data Protection Office (UODO) - uodo.gov.pl
- EU-wide: Your local Data Protection Authority
- Qatar: Qatar National Cyber Security Agency (if applicable)
7. Technical and Organizational Security Measures
7.1 Data Security Framework
We implement comprehensive technical and organizational measures to ensure appropriate data security:
Technical Measures:
- Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
- Access Controls: Multi-factor authentication and role-based access controls
- Network Security: Firewalls, intrusion detection systems, and regular security monitoring
- Data Backup: Encrypted, geographically distributed backup systems
- Vulnerability Management: Regular security assessments and patch management
Organizational Measures:
- Staff Training: Regular data protection and security awareness training
- Access Management: Principle of least privilege and need-to-know basis
- Incident Response: Documented procedures for data breach response and notification
- Data Processing Agreements: Comprehensive contracts with all data processors
- Privacy by Design: Data protection considerations integrated into all system design
7.2 Data Breach Response
In the event of a personal data breach, we will:
- Assess and contain the breach within 24 hours of discovery
- Notify relevant supervisory authorities within 72 hours (if required under GDPR)
- Inform affected data subjects without undue delay (if high risk to rights and freedoms)
- Document all breaches and remedial actions taken
- Conduct post-incident reviews and implement preventive measures
8. Cookies and Tracking Technologies
8.1 Cookie Usage
Our website uses cookies and similar tracking technologies. We classify cookies as follows:
| Cookie Type |
Purpose |
Duration |
Legal Basis |
| Strictly Necessary |
Essential website functionality and security |
Session/12 months |
Legitimate Interest |
| Functional |
Language preferences, user interface settings |
12 months |
Consent |
| Analytics |
Website performance and usage statistics |
24 months |
Consent |
| Marketing |
Partnership outreach and communication |
12 months |
Consent |
8.2 Managing Cookie Preferences
You can control cookie settings through:
- Our cookie consent banner (accessible via cookie icon)
- Browser settings and privacy controls
- Third-party opt-out mechanisms where applicable
- Contacting us directly for specific preferences
9. Special Provisions for Qatar-Based Users
9.1 Qatar Data Protection Law Compliance
For users based in Qatar, we provide additional protections under Qatar Data Protection Law:
- Local Representative: Designated Qatar-based contact for data protection inquiries
- Data Localization: Option to process certain data within Qatar jurisdiction when required
- Cultural Sensitivity: Respect for local cultural and religious considerations in data handling
- Language Support: Arabic language support for data protection communications
- Dispute Resolution: Local dispute resolution mechanisms where appropriate
10. Children's Privacy
Our services are designed for business and professional use. We do not knowingly collect personal data from individuals under 16 years of age (or applicable local age of digital consent). If we become aware of such collection, we will delete the data immediately and notify relevant authorities if required.
Safe Search Initiative: Our planned safe search engine for children will be subject to enhanced privacy protections and separate privacy documentation upon launch.
11. Policy Updates and Changes
11.1 Amendment Procedures
We may update this Privacy Policy to reflect:
- Changes in applicable laws and regulations
- Evolution of our technology services and partnerships
- Enhanced privacy protections and security measures
- Feedback from users and regulatory guidance
11.2 Notification of Changes
Material changes to this policy will be communicated through:
- Prominent website notices for 30 days
- Email notifications to registered users (where consent provided)
- Updated effective date clearly displayed
- Summary of key changes provided
12. Contact Information and Data Protection Officer
Legal Framework References
This Privacy Policy is designed to comply with:
- Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR)
- Polish Personal Data Protection Act (Ustawa o ochronie danych osobowych)
- ePrivacy Directive 2002/58/EC and national implementations
- Qatar Data Protection Law (Law No. 13 of 2016)
- International data transfer frameworks and adequacy decisions
- Industry best practices for data protection and cybersecurity
© 2025 FORBRS Poland-Qatar Technology Initiative. All rights reserved.
This document was prepared with expert legal consultation and represents current best practices in international data protection law.