We are ULTRICO SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ (“Ultrico”, “we”, “us”, or “our”, “Controler”), are the provider of the following software products and services:

• Ultrico uFlow
• Ultrico web site

 To better protect your privacy we provide this privacy policy notice explaining the way your personal information is collected and used.

By visiting our website ultrico.com and any other Ultrico online website under any of the domains (including subdomains):

• ultri.co
• ultrico.com
• ultrico.com.pl
• ultrico.net
• ultrico.pl
• ultrico.ai
• uflow.dev
• uflow.cloud
• iloveautomation.pl
• promptmarket.cloud
• promptmarket.dev
• promptmarket.me
• promptmarket.tech

or by using any product or service provided by Ultrico, you are deemed to have accepted and consented to the terms outlined within this policy.

For the purpose of the data protection laws applicable to us, the data controller is

Ultrico limited liability company with its registered office in Warsaw at Al. Jana Pawła II no. 27, 00-867 Warsaw, entered into the register of entrepreneurs maintained by the District Court for the Capital City of Warsaw in Warsaw, XIII Commercial Division of the National Court Register under KRS number: 937384, with NIP (Tax ID): 5272980133 and REGON (Statistical ID) 520642173, with share capital of 5,000.00 PLN.

Our websites, products and services

This privacy policy relates to your use of all Ultrico websites, products and services.

Throughout our websites, products and services we may link to other websites owned and operated by certain trusted third parties. These other third-party websites may also gather information about you in accordance with their own separate privacy policies.

Please check these policies before you submit any personal data to these websites.

Our collection and use of your personal information

We collect personal information about you when you access our websites, use our products and services, register with us, contact us, send us feedback, request support, purchase products or services, post material to our website and complete customer surveys.

Personal data

We gather your personal information in two ways:

• Directly: When you register an account, contact us, or purchase our products or services
• Indirectly: Through your browsing activity on our website (as described in our ‘Cookies’ section)

The types of personal information we collect depend on your interaction with us and may include:

• Name, address, and contact details (email, phone number, social media handles)
• Bank account and payment information
• Feedback you provide through phone, email, post, or social media
• Information about services we provide to you
• Account details (username and login credentials)
• Additional personal data you submit through our Contact Form

We use this information to:

• Create and manage your account
• Verify your identity
• Deliver our goods and services
• Personalize our websites, products, and services to your preferences
• Notify you of relevant changes to our offerings
• Provide software and support services
• Improve our services
• Perform automated decision-making (including profiling)

Anonymous data collected automatically

• Anonymous data will be transferred outside the European Economic Area.
• Anonymous data will not be used for automated decision-making (including profiling).

Ultrico websites, products and services are not intended for use by children (individuals under the age of 18) and we do not knowingly collect or use personal information relating to children.

Our legal basis for processing your personal information

When processing your personal information, we must have a valid legal basis for doing so. Depending on the nature of the information and our intended use, we may rely on one of the following legal grounds:

• Consent: When you have explicitly agreed to our processing of your personal information for a specific purpose
• Contract: When processing is necessary to fulfill our contractual obligations to you, or to take steps at your request before entering into a contract
• Legal Obligation: When we need to process your information to comply with our legal requirements
• Legitimate Interests: When processing is necessary for our legitimate business interests or those of a third party, provided these interests are not overridden by your rights and freedoms

The specific legal basis for processing will depend on the particular circumstances and the type of data involved.

Who we share your personal information with

You agree that we have the right to share your personal information with:

• Our hosting partners (Microsoft, Cloudflare) and third parties we use to help provide software and services
• Google, for website analytics capabilities
• Our payment services providers (Stripe)
• Providers of application support and related services (including Atlassian), to help us address any issues you may raise with the operation of the software or the services

We will share personal information with law enforcement or other authorities if required by applicable law.

We will not share your personal information with any other third party.

Transfer of your information out of the EEA

We may transfer your personal information to territories located outside the European Economic Area (EEA) as follows:

• The United States of America to process payments and manage your subscriptions.

Such countries do not have the same data protection laws as the EEA. To ensure that your personal information receives an adequate level of protection when transferred outside the EEA, we implement appropriate safeguards in accordance with applicable data protection laws. These safeguards include:

1. Standard Contractual Clauses (SCCs): We use the updated European Commission approved Standard Contractual Clauses with our service providers, which contractually oblige them to protect your personal data to standards required by EU data protection legislation.
2. Supplementary Measures: In line with the European Data Protection Board recommendations following the Schrems II decision, we implement additional technical, contractual, and organizational measures as necessary to ensure an essentially equivalent level of protection for your data.
3. Vendor Assessment: We assess our data importers’ local legal environment to ensure that they can comply with their obligations under our data transfer agreements.

Where we rely on these mechanisms, we regularly review our data transfer practices to verify ongoing compliance and adapt our approach as the regulatory landscape evolves, including developments in transatlantic data transfer frameworks.

If you would like further information about our data transfer safeguards, please contact us using the methods outlined in the “How to contact us” section.

We will not otherwise transfer your personal data outside of the EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.

Cookies and other tracking technologies

A cookie constitutes a small text file that is deployed onto a user’s device (such as a computer, smartphone, or other electronic apparatus) upon accessing our website.

Ultrico websites implement Google Analytics, a web analytics service operated by Google, Inc. (“Google”). Cookies are utilized to analyze user interaction with the website, and the aggregated information (inclusive of IP addresses) shall be transmitted to and stored by Google on servers located in the United States of America. Google shall employ the provided information to generate usage reports and statistical analyses regarding website utilization.

Google may, where legally obligated or where third parties process information on Google’s behalf, disclose this information to such third parties. Google shall not associate users’ IP addresses with any other data in Google’s possession.

Users may decline the deployment of cookies by configuring the appropriate settings within their browser software. By utilizing Ultrico’s websites, products, and related services, users thereby consent to the processing of their data by Google in the manner and for the purposes herein specified.

Ultrico employs Jira cookies to facilitate the provision of software support services. For comprehensive information regarding Jira cookies and methodologies for their rejection or deletion, please refer to Privacy Policy | Atlassian

We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

Cookie Management

Users may independently modify the settings for storing, deleting, and accessing cookies for any website at any time through their browser configuration.

Instructions for disabling cookies in popular web browsers are available at this resource or from the following browser-specific guides:

• Safari Browser Cookie Management
• Chrome Browser Cookie Management
• Opera Browser Cookie Management
• Firefox Browser Cookie Management
• Edge Browser Cookie Management
• Internet Explorer 11 Cookie Management

Marketing

We would like to send you information about products and services that may interest you. Where we have your consent or where it aligns with our legitimate interests, we may contact you through post, email, telephone, text message (SMS), or automated calls.

If you previously consented to receiving such communications, you can opt out at any time by:

• Contacting us through any method listed in the “How to contact us” section
• Clicking the ‘unsubscribe’ link included in our emails

Please note that it may take up to 10 working days to process your unsubscribe request.

For additional information regarding your marketing-related rights, please refer to the ‘Your rights’ section below.

Your rights

Personal Data Subject Rights

Data subjects whose Personal Data are processed by the Controller are entitled to exercise the following rights:

Right of Access

Data subjects possess the right to access their Personal Data upon formal request submitted to the Controller. Such requests shall be fulfilled in accordance with Article 15 of the GDPR.

Right to Rectification

Data subjects are entitled to request the immediate rectification of inaccurate Personal Data and completion of incomplete Personal Data. Such rectification shall be executed upon formal request submitted to the Controller, in accordance with Article 16 of the GDPR.

Right to Erasure

Data subjects may request the immediate deletion of their Personal Data, which shall be implemented upon formal request submitted to the Controller. The Controller reserves the right to temporarily suspend the execution of erasure requests in order to protect legitimate interests (establishment, exercise, or defense of legal claims). In the case of Newsletter services, Data subjects may independently delete their Personal Data via the designated link included in each electronic communication.

Right to Restriction of Processing

Data subjects possess the right to restrict the processing of Personal Data in circumstances specified in Article 18 of the GDPR, including but not limited to cases where the accuracy of Personal Data is contested. Such restriction shall be implemented upon formal request submitted to the Controller.

Right to Data Portability

Data subjects are entitled to receive their Personal Data from the Controller in a structured, commonly used, and machine-readable format. This right shall be executed upon formal request submitted to the Controller, in accordance with Article 20 of the GDPR.

Right to Object

Data subjects possess the right to object to the processing of their Personal Data in circumstances specified in Article 21 of the GDPR. Such objections shall be addressed upon formal request submitted to the Controller.

Right to Lodge a Complaint

Data subjects retain the right to lodge a complaint with the competent supervisory authority responsible for Personal Data protection. Said complaints may be submitted to the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw). Further information regarding the right to object is available on the official website of the President of the Office for Personal Data Protection: https://uodo.gov.pl/pl/83/155.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from https://uodo.gov.pl.

If you would like to exercise any of those rights, please:

• Contact us via any method outlined in the “How to contact us” section
• let us have enough information to identify you (like email address, Subscription ID), and
• let us know the information to which your request relates including any account or reference numbers if you have them.

Keeping your personal information secure

We implement appropriate technical and organizational security measures to protect your personal information from accidental loss, unauthorized access, alteration, or disclosure. Access to your personal information is restricted to personnel with a legitimate business need, who process such data only as authorized and under confidentiality obligations.

We maintain protocols for responding to potential data security breaches. In the event of a suspected breach, we will notify affected individuals and relevant regulatory authorities as required by law.

Your data is protected through comprehensive encryption both in transit and at rest. Ultrico services employ industry-standard 256-bit AES encryption for data storage and SHA-256 with RSA Encryption SSL certificates across all API services. Additionally, all our API services utilize a minimum of TLS1.2 and enforce the HTTPS protocol to ensure secure data transmission.

Global Privacy Compliance Statement

This privacy policy is primarily designed to comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws of the European Union and Poland, where Ultrico is based.

However, we respect the privacy rights of all our users worldwide, regardless of their location. While specific privacy regulations vary by country and region, we are committed to handling all personal data with care and in accordance with the principles outlined in this policy.

For users outside the European Economic Area (EEA), we will handle privacy requests and inquiries following similar principles to those required by the GDPR when reasonable and permitted by applicable local law. This includes requests for access, correction, deletion, and portability of personal data.

We continuously monitor developments in global privacy regulations that may affect our operations and will update our practices and this privacy policy as needed to maintain compliance with applicable laws in the jurisdictions where we actively conduct business.

If you have any questions about how we handle personal data in your specific region, please contact us using the methods outlined in the “How to contact us” section of this policy.

Changes to this privacy policy

This privacy policy was published on 2025-01-01.

We may change this privacy policy from time to time, with updates added directly to this page. Please check back frequently to see any updates or changes to our privacy policy.

How to contact us

Please contact us if you have any questions about this privacy notice or the information we hold about you.

• Sending an email to:

  [email protected] or [email protected]

• or writing to:

  ULTRICO SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ ul. ALEJA JANA PAWŁA II, nr 27 00-867 WARSZAWA POLAND