vlayer Privacy Policy

Pursuant to Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU.L.2016.119.1), hereinafter referred to as the "GDPR", in relation to the acquisition of your personal data in connection with your registration, creation of the Account and use of the Services, we inform you that:

  1. Your personal data will be processed by joint controllers, i.e. 
    1. vlayer Labs sp. z o.o. with its registered office in Warsaw at 29/2 Jana Czeczota Street, 02-607 Warsaw, entered in the Register of Entrepreneurs of the National Court Register under the number 0001087119, whose records are kept by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register, having NIP: 5214055107 and REGON 527509460, with the share capital of PLN 121,200.00;
    2. vlayer Labs Ltd., a company incorporated in England under number 15480811, whose registered office is 100 Avebury Boulevard, Milton Keynes, United Kingdom, MK9 1FH
    3. (jointly the “Controllers” and individually a “Controller”). The Controllers may exchange and transmit personal data among one another, on the basis and terms set out below.
  2. Contact e-mail address to the Controllers: [email protected].
  3. The Controller has not appointed a Data Protection Officer.
  4. Your personal data collected in the registration process will be processed in accordance with the applicable legislation, including the GDPR and the Act of 10 May 2018 on the protection of personal data (i.e. Journal of Laws of 2019, item 1781) on the basis of one of the following grounds:
    1. on the basis of Article 6(1)(b) of the GDPR  – in the context of the provision of the Services, access to the Account, Dashboard and use of the Solution, in particular in order to carry out pre-contractual activities, the conclusion and performance of the Contract, as well as for the management of the relationship between the Controllers and the user;
    2. where applicable, on the basis of Article 6(1)(a) of the GDPR (provided that the data subject has expressed voluntary consent for such processing) – for sending commercial information by the Controller, in particular regarding any upcoming events, news about the Controllers etc. to the e-mail address indicated in the registration form;
    3. where applicable, on the basis of Article 6(1)(f) of the GDPR – within the framework of the Controllers’ legitimate interests pursued by the Controllers, being its direct marketing purposes, establishing, investigating or defending from possible Claims against the Controllers, as well as for the purpose of transmitting personal data within the group of undertakings for internal administrative purpose;
    4. where applicable, on the basis of Article 6(1)(c) of the GDPR, in order to comply with the Controllers’ legal obligations, including archiving obligations.
  5. The Controllers do not plan to transfer your personal data to recipients outside the European Economic Area, i.e. to third countries and international organisations. If such additional transfer were to take place, a Controller will ensure that it will take place subject to the Controller having a legal basis, in a manner consistent with the provisions of Chapter V of the GDPR, i.e. on the basis of lawful data transfer mechanisms that ensure an adequate level of protection, in particular on the basis of the EU-US Data Privacy Framework, an adequacy decision issued by the European Commission (notably regarding transfers to the United Kingdom), Binding Corporate Rules (BCRs) or Standard Contractual Clauses (SCCs).
  6. The provision of personal data within the scope indicated in point 4 above is voluntary, and always at the initiative of the data subject, but necessary in order to successfully complete the registration process, as well as to access and benefit from the Services. Failure to do so will result in the inability to register and to use the Services, notably the Dashboard and the Solution.
  7. If any of the consents is given (i.e. as referred to in point 4.2 above) you have the right to withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent before its withdrawal. Withdrawal of consent will result in the Controllers not being able to process the personal data covered by the scope of the consent, for the purposes indicated therein. This item does not apply to the extent that the processing of personal data is necessary for the performance of a Contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a Contract.
  8. Your personal data will be processed for the duration of the purpose of the processing i.e.:
    1. in the cases referred to in points 4.1 and 4.3 in fine – for the duration of the Contract, extended until the end of underlying statutory limitation period, but in any case, no longer than 6 years;
    2. in the cases referred to in points 4.2 and 4.3 in principio – until the Controller deems such personal data fit for the intended purpose or the data subject objects for processing of personal data for marketing purposes.
    3. in the cases referred to in point 4.4 – for the duration of the Controllers’ legal or archiving obligations.Any capitalized terms used in this Privacy Policy, not defined herein, shall be given the meaning ascribed to them in the Terms of Service.
  9. The recipients of your personal data will be, among others: entities providing the Controller with, inter alia, consulting or other advisory services, IT, hosting, mailing, postal or courier services, legal, financial and accounting services, as well as public authorities to the extent that they are required or authorized to receive or request the transfer of such data, and other entities authorised to process personal data on the basis of applicable laws, including the Controllers acting as affiliates to one another (intra-group transmission of personal data). The foregoing transmission of personal data within the group comprised of the Controllers’ entities is based on a legitimate interest in transmitting personal data within the group of undertakings for internal administrative purposes.
  10. You have the right to:
    1. to be informed whether your personal data is being processed by the Controller and, if so, the right to access it and to receive a copy of it (Article 15 GDPR);
    2. the right to rectification of personal data where the data is inaccurate and to completion of incomplete personal data (Article 16 GDPR);
    3. the right to erasure of personal data, the so-called "right to be forgotten" (Article 17 GDPR);
    4. the right to restrict the processing of personal data (Article 18 GDPR);
    5. the right to receive the processed personal data in a structured, commonly used machine-readable format and to have it freely portable, including the right to request that the Controller sends it to another controller (Article 20 GDPR);
    6. the right to object to the processing of your personal data on the basis of Article 6(1)(f) of the GDPR (Article 21 GDPR);
    7. the right to lodge a complaint with the President of the Office for Personal Data Protection.
  11. Your personal data will not be subject to automated decision-making, including profiling.
  12. Notwithstanding anything to the contrary, the Controllers shall have the right to collect and analyse anonymised, non-identifying data and other information relating to the provision, use and performance of various aspects of the Services, the Solution, and related systems and technologies (including, without limitation, information that the Controllers have anonymised or de-identified, and data derived therefrom) (“Anonymised Data”). The Controllers can use (i) use such Anonymised Data to improve and enhance the Services, the Solution, and for other development, diagnostic and corrective purposes in connection with the Services, the Solution and other Controllers’ offerings, or any other purpose, and (ii) disclose such Anonymised Data solely in aggregate or other de-identified form in connection with its business.
  13. Any capitalized terms used in this Privacy Policy, not defined herein, shall be given the meaning ascribed to them in the Terms of Service.
© 2025 vlayer
Media KitTerms and ConditionsPrivacy PolicyWe are hiring!