Privacy and GDPR
Akcepta privacy policy
Information on personal data processing on the Akcepta website and in contact with the operator.
Last updated: 13 May 2026
1. Controller
The controller of personal data processed in connection with the website, contact forms, inquiries, own marketing and sales is NGITech Sp. z o.o.
Privacy matters can be sent to office.pl@ngitech.org.
2. Customer as controller, operator as processor
For employee, contractor and campaign recipient data entered by a customer into the application panel, the organization using the platform is generally the data controller.
NGITech Sp. z o.o. processes such data as a processor under the service agreement, terms or a separate data processing agreement.
3. Data categories
Depending on how the website or platform is used, data may include: name, email address, organization name, role, department, contact details, account identifiers, billing data, IP address, device and browser data, security logs and application activity history.
The application panel may also process documents, document versions, approvals, campaigns, sent notifications, acknowledgement statuses and rollout evidence.
4. Purposes and legal bases
Data is processed to operate the website, respond to inquiries, present offers, maintain accounts, perform the service, settle payments, ensure security, establish or defend claims, keep documentation and comply with legal obligations.
Legal bases may include performance of a contract or pre-contractual steps, legitimate interest, legal obligation, consent and — for data processed on customer instruction — a data processing agreement and controller instructions.
5. Recipients
Data may be shared with providers supporting hosting, email, analytics, payment handling, invoicing, security, technical support, accounting and legal services.
If the customer uses custom SMTP or private deployment, the recipient scope and data flow may be defined in customer configuration or a separate agreement.
6. Transfers outside the EEA
If data is transferred outside the European Economic Area as part of infrastructure, analytics, advertising or auxiliary services, appropriate legal mechanisms are used, such as adequacy decisions, standard contractual clauses or other GDPR safeguards.
Details of transfers may depend on service providers used at a given time.
7. Retention
Contact data is retained for the time needed to handle the inquiry and demonstrate the communication history. Account and service data is retained for the service period and for the time required for settlements, security, audit or claims.
Data processed on customer instruction in the application panel is retained according to service configuration, customer agreement or controller instructions.
8. Data subject rights
Data subjects may have rights of access, rectification, erasure, restriction, portability, objection, withdrawal of consent and complaint to the supervisory authority.
If a request concerns data processed on behalf of a customer, the operator may forward it to the relevant controller or handle it according to controller instructions.
9. Automated decisions
The Akcepta website and platform do not make decisions based solely on automated processing that produce legal effects or similarly significantly affect users.
Analytics or advertising tools may use marketing profiling only within the scope of consent and settings of the technologies used.
10. Security
The operator applies technical and organizational measures to protect data against unauthorized access, loss, alteration or disclosure, including access control, event logging, backups, encrypted transmission and role-based access limitation.
A detailed overview is provided in the “Security and GDPR policy”.
Operator: NGITech Sp. z o.o.
Contact:office.pl@ngitech.org
This document applies to akcepta.com and the Akcepta landing page. Processing terms for the application may be supplemented by a data processing agreement, account terms or an individual customer agreement.