Legal Framework

Privacy Policy

Please read the Privacy Policy carefully. This document defines how we collect, use, and protect your personal data.

Effective Date: 01.04.2026

§ 1. Data Controller

The Controller of your personal data is PERFECTCLUE Sp. z o.o., with its registered office in Rzeszów, ul. Zimowit 42, 35-605 Rzeszów, Poland, entered into the register of entrepreneurs of the National Court Register (KRS) under the number: 0000986621, NIP (Tax ID): 8133882813, REGON: 522791227. You may contact the Controller regarding data protection matters via email at: [email protected].

§ 2. Division of Roles in Data Processing

  1. Partner Data (B2B): With respect to the data of representatives, managers, and employees of hotel properties (Partners), the Service Provider acts as the Data Controller.
  2. Guest Data and Video Materials (UGC): With respect to personal data (including image/likeness) contained in video materials generated by hotel Guests using our Infrastructure, the Service Provider processes this data for the purposes of technical rendering, hosting, and sharing based on a non-exclusive license granted by the Creator, thereby supporting the Partner's marketing processes.

§ 3. Guest Representations

By creating video content, the Guest represents and warrants that they hold all necessary rights to the image of any individuals captured in the recording and that the use of such material does not infringe upon the rights of third parties. The Service Provider assumes no liability for the content of the recordings, nor for any infringement of personal rights or copyrights of third parties resulting from the Guest's actions.

§ 4. Purposes and Legal Bases for Processing

We process personal data for the following specific purposes:

  1. Handling Access Requests:
    • Scope of data: Corporate email address, contact person details, property information.
    • Legal basis: Actions taken prior to entering into a contract, and the legitimate interest in verifying the property's profile (Art. 6(1)(b) and (f) GDPR).
  2. Contract Execution and Infrastructure Operation:
    • Scope of data: Company identification data, Artifact delivery address, contact details.
    • Legal basis: Necessity for the performance of a B2B service agreement and the provision of the Cinematic Engine (Art. 6(1)(b) GDPR).
  3. Video Content Processing (Rendering & Hosting):
    • Scope of data: Video files (which may contain images/likenesses), metadata, IP address.
    • Legal basis: Legitimate interest consisting in the execution of the technological service, fulfillment of licensing provisions, and the promotional and marketing purposes of the Service Provider and the Partner (Art. 6(1)(f) GDPR).
  4. Handling Recurring Payments:
    • Scope of data: Billing data, transaction tokens.
    • Legal basis: Necessity for the performance of a contract (Art. 6(1)(b) GDPR). We do not process full credit card numbers—this is handled by a certified payment operator (Stripe).
  5. Artifact Delivery:
    • Scope of data: Property postal address, recipient's phone number.
    • Legal basis: Necessity for the performance of a contract regarding the delivery of cards, the Certificate, and the Statuette (Art. 6(1)(b) GDPR).
  6. Accounting, Taxation, and Claims Pursuit:
    • Legal basis: Fulfillment of a legal obligation (Art. 6(1)(c) GDPR) and the legitimate interest of the Controller (Art. 6(1)(f) GDPR).

§ 5. Privacy Protection Principles

  1. Security Standards: We attach great importance to protecting the confidentiality of B2B data and generated video content. We utilize advanced data transfer encryption (SSL/TLS) and server-side safeguards protecting cloud files against unauthorized access.
  2. Principle of Minimization: We respect the time and privacy of our Partners and their Guests. We collect only the data absolutely necessary to render videos, conclude agreements, and issue invoices.

§ 6. Data Retention Period

  1. Contract Duration: Partners' data is processed throughout the active subscription period, and following its termination—until the expiration of the statute of limitations for any potential claims.
  2. Accounting Requirements: Billing data and invoices are stored for a period of no less than 5 years, in accordance with tax and accounting regulations.
  3. Video Materials (UGC): These are stored on cloud servers for the period necessary to provide hosting services for the links for Guests and the Partner, or until a valid deletion request is submitted by the creator (the Guest).

§ 7. Data Recipients

  1. Categories of Recipients: To ensure the highest quality of infrastructure, your data may be entrusted to trusted third parties ("Processors"):
    • providers of advanced cloud infrastructure and video rendering engines,
    • the payment operator (Stripe) for subscription management,
    • email service and CRM system providers,
    • courier companies facilitating the delivery of physical Artifacts,
    • an external accounting firm and legal counsels.
  2. Transfers outside the EEA: In the event that our technology partners are headquartered outside the European Economic Area (e.g., in the USA), data transfer is always secured through Standard Contractual Clauses (SCC) approved by the European Commission.

§ 8. Your Rights

In accordance with GDPR regulations, you are entitled to a full catalogue of rights:

  1. Right of access and rectification: You may request information regarding your data and its correction at any time.
  2. Right to erasure: You have the "right to be forgotten" if there are no longer legal grounds for processing your data.
  3. Right to restriction and portability: You have the right to block the processing of your data or request its transfer.
  4. Right to object: You have the right to object to processing based on our legitimate interest.

To exercise your rights, please contact us via email. You also have the right to lodge a complaint with the President of the Personal Data Protection Office (PUODO).

§ 9. Cookies

Strictly necessary technical files: Our platform utilizes only strictly necessary cookies, required for panel authorization, session maintenance, and proper interface rendering. In accordance with Telecommunications Law, we do not use invasive tracking cookies or third-party analytics; therefore, there is no need to display an intrusive consent banner.

§ 10. Information regarding the reCAPTCHA service

To protect our forms from abuse and spam, we use the reCAPTCHA service provided by Google LLC. This service is used to distinguish whether a request on the website was made by a human or an automated program (bot). As part of this analysis, Google, acting as a data processor, collects and analyzes, among other things:

  • the user's device IP address,
  • hardware and browser configuration information,
  • the user's interaction history with the website (e.g., mouse movements, time spent on the page),
  • cookies necessary for the service to function.

This analysis takes place in the background and does not require the user to take any additional actions (e.g., clicking on images) unless the system assesses the risk as high. These data are processed in accordance with the data processing agreement concluded between the Administrator and Google.

§ 11. Final Provisions

  1. Updates: This Policy is continuously reviewed and updated in response to the development of our technological infrastructure and changes in legislation.
  2. Effective Date: The current version of the Privacy Policy was adopted and is effective as of April 1, 2026.