Privacy Policy

Privacy Policy

Pursuant to Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Official Journal of the EU L 2016, No. 119, p. 1), we hereby inform that: 

The controller of personal data is Teaching Bricks Sp. Z o.o., conducting business activity with its registered office at 34 Dąbrowa, 62-840, Poland entered in the relevant business register under number 543196273, VAT ID: PL 9681017347  (hereinafter: the “Data Controller”). 

Contact with the Data Controller is possible via email at hello@teachingbricks.com 

The Data Controller processes personal data in accordance with applicable law, applying appropriate security measures provided for by law, in particular in order not to infringe the rights and freedoms of the data subject. 

The Data Controller processes personal data provided via forms available on the Platform, including in particular: first name and last name or username, email address, billing data, account-related data, technical data and any other information voluntarily provided by the User. These data are used exclusively at the stage of initial contact, account creation, subscription purchase and provision of access to Digital Content and Digital Services available on the Platform. 

At further stages of cooperation, in particular for the purpose of concluding and performing a subscription agreement and providing paid access to the Platform, the Data Controller may also process data necessary for billing and accounting purposes, including invoice data, payment status and tax-related information, where required by applicable law. 

Providing the above data is necessary to conclude a subscription agreement and access the Platform. Failure to provide such data may result in the inability to create an Account, purchase a Subscription or use paid Digital Content. 

In the course of providing services, the Data Controller does not process special categories of personal data within the meaning of Article 9 GDPR. 

The Data Controller processes personal data for the purpose of: 

  • conducting informational and promotional activities related to the Platform, including communication regarding available services and content, by electronic means – on the basis of Article 6(1)(a) GDPR; 
  • taking actions at the request of the data subject prior to concluding a contract, including account creation, responding to enquiries and providing access to free content – on the basis of Article 6(1)(b) GDPR; 
  • concluding and performing subscription agreements, including access to Digital Content and Digital Services – on the basis of Article 6(1)(b) GDPR; 
  • handling recurring subscription payments, billing cycles, payment authorisations and issuing accounting documents – on the basis of Article 6(1)(b) and (c) GDPR; 
  • fulfilling legal obligations incumbent on the Data Controller, in particular obligations arising from tax, accounting and digital services regulations – on the basis of Article 6(1)(c) GDPR; 
  • ensuring accountability and documenting compliance with legal obligations – on the basis of Article 6(1)(c) GDPR; 
  • establishing, exercising or defending against potential claims related to the operation of the Platform – on the basis of Article 6(1)(f) GDPR; 
  • archiving data for evidentiary purposes to secure information that may serve to prove specific facts – on the basis of Article 6(1)(f) GDPR; 
  • conducting basic statistical and analytical measurements related to the functioning of the Platform and User interest in content – on the basis of Article 6(1)(f) GDPR. 
  • The legitimate interest of the Data Controller or third parties includes in particular: 
  • maintaining ongoing communication with Users; 
  • informational and promotional activities conducted in a manner other than electronic marketing; 
  • ensuring the security of personal data and documenting cooperation; 
  • establishing, exercising or defending against potential claims; 
  • archiving personal data for evidentiary purposes. 

Joint controllers of personal data are: 

Meta Platforms Ireland Limited, with its registered office in Dublin, Ireland – in connection with the operation of Teaching Bricks profiles and pages on Facebook and Instagram, including the use of communication tools, interaction features and statistical insights made available by those platforms; 

LinkedIn Ireland Unlimited Company, with its registered office in Dublin, Ireland – in connection with the operation of the Teaching Bricks profile on LinkedIn, including the use of communication tools and page analytics functionalities; 

Google LLC, with its registered office at 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States – in connection with the use of Google cloud services, including cloud storage solutions and backup email services. 

Joint controllership arises from the use by the Data Controller of social media platforms and cloud-based communication tools. The scope of joint controllership relates in particular to the processing of personal data carried out within the functionalities of social media pages and profiles (such as statistics, interactions, messages and comments), in accordance with the operating rules of each platform and their respective terms and privacy policies. 

Users have the following rights with regard to their personal data: 

  • the right of access to personal data – Article 15 GDPR; 
  • the right to rectification – Article 16 GDPR; 
  • the right to obtain a copy of data – Article 15(3) GDPR; 
  • the right to erasure – Article 17 GDPR; 
  • the right to restriction of processing – Article 18 GDPR; 
  • the right to data portability – Article 20 GDPR; 
  • the right to object to processing for marketing purposes – Article 21(2) GDPR; 
  • the right to object to processing based on the legitimate interests of the Data Controller – Article 21(1) GDPR; 
  • the right to withdraw consent at any time – Article 7(3) GDPR; 
  • the right to lodge a complaint with a supervisory authority – Article 77 GDPR. 

In Poland, the supervisory authority is the President of the Personal Data Protection Office. 

Users may exercise their rights by contacting the Data Controller via email at hello@teachingbricks.com or by correspondence sent to the registered office address. The request should specify the scope of the request and contain data enabling identification of the requesting person. The exercise of rights is not absolute and depends on the purpose and legal basis of processing. 

The Data Controller’s business activity is supported by external entities to whom personal data may be disclosed only to the extent necessary to achieve specific purposes and in accordance with applicable law. In particular, personal data may be disclosed to: 

  • entities authorised under applicable law; 
  • entities providing hosting, server infrastructure and main email services, including LH.pl; 
  • providers of cloud services, including Google; 
  • IT service providers responsible for system maintenance and security; 
  • accounting and bookkeeping service providers; 
  • payment service providers and banks handling financial transactions; 
  • other entities supporting the Data Controller’s activity, where such cooperation requires the processing of personal data. 

Personal data may be transferred outside the European Economic Area (EEA), in particular to the United States, in connection with the use of services provided by Google LLC. Such transfers are carried out in accordance with applicable law, using appropriate safeguards, including standard contractual clauses approved by the European Commission or other lawful transfer mechanisms provided for in the GDPR. 

Each entity to whom data are disclosed processes personal data on the basis of relevant data processing agreements or applicable legal provisions and ensures compliance with GDPR requirements. 

Personal data are stored for the period necessary to achieve the purposes for which they were collected, in particular: 

  • data processed on the basis of consent – until consent is withdrawn or the purpose is achieved; 
  • data processed in connection with the conclusion or performance of a contract – for the duration of the cooperation and limitation periods for claims; 
  • data processed to fulfil legal obligations – for the period required by law; 
  • data processed on the basis of the legitimate interest of the Data Controller – until an effective objection is raised; 
  • data processed for analytical and administrative purposes – until they become outdated or an objection is raised. 

Additionally, personal data may be stored for the purpose of protecting the Data Controller’s rights, including establishing, exercising or defending against claims, in accordance with applicable limitation periods. 

Providing personal data is voluntary. Failure to provide personal data may, however, result in the inability to access certain content or services available on the Platform. 

In order to continuously improve applied procedures and data security measures, this Privacy Policy is subject to ongoing review and may be updated where necessary. 

This Privacy Policy applies from 01/03/2026. 

account
account