Privacy Policy

1. Data Controller

The controller of your personal data is Narrix.studio.

Privacy contact: film@narrix.studio

2. What data we process and how we obtain it

We limit data processing to the absolute minimum.

a) Website (no forms)

Our website does not have contact forms and does not collect data submitted by users directly through the site.

b) E-mail contact

If you send us an e-mail, we process: your e-mail address and the content of the message (along with any other data you provide). We do this exclusively to reply or discuss potential cooperation. We do not add you to marketing lists and we do not build mailing databases.

c) Technical data (server logs)

For technical and security reasons, our server may save logs, such as IP address, date and time, browser/device information, requested assets. This is standard hosting practice.

3. Cookies and analytics

The website may use cookies.

a) Essential / functional cookies

These help the website to function properly (e.g., saving preferences). Such cookies are technically necessary for the operation of the service.

b) Analytical cookies (Google Analytics)

We may use Google Analytics (GA4) to analyze website traffic (e.g., number of visits, traffic sources, popular subpages). The data is statistical and is used to improve the service.

Analytics is only activated after you give your consent in the cookie banner. You can withdraw your consent at any time (e.g., by clearing site data in your browser).

How to disable cookies?

You can block or delete cookies in your browser settings.

4. Data recipients (who we may share data with)

Your data may be processed by entities whose services we use, such as:

• hosting/server providers (logs, website maintenance),
• e-mail service providers (handling correspondence),
• Google (for analytics, if you consent).

We do not sell data and we do not share it with third parties for marketing purposes.

5. Legal basis for processing (GDPR)

We process data based on:

• Your consent (Art. 6(1)(a) GDPR) — for analytical cookies (Google Analytics),
• Our legitimate interest (Art. 6(1)(f) GDPR) — for server logs and ensuring the security and proper functioning of the site,
• Taking steps at your request prior to entering into a contract / performance of a contract (Art. 6(1)(b) GDPR) — when you contact us regarding cooperation,
• Legal obligations (Art. 6(1)(c) GDPR) — if we need to store billing documents (e.g., invoices) in accordance with regulations.

6. How long we store data

• E-mail: we store correspondence for as long as necessary for contact, arrangements, or execution of cooperation; unnecessary messages are deleted.
• Server logs: in accordance with hosting settings and security needs (usually from a few days to a few months).
• Billing data: for the period required by law.

7. Your rights

You have the right to:

• access your data,
• rectify your data,
• erase your data,
• restrict processing,
• data portability,
• object to processing based on legitimate interest,
• withdraw consent at any time (without affecting the lawfulness of processing before the withdrawal).

If you believe that we process your data unlawfully, you can lodge a complaint with the President of the Personal Data Protection Office (UODO in Poland).

How we implement your rights (in practice)

We do not maintain a user database or profiles. If we process your data at all, it is usually only the data from the e-mail correspondence you send us yourself.

• Access to data: upon your request, we will confirm whether we have correspondence from you and what data it contains (usually: e-mail address and message content). If requested, we can send a copy of this correspondence.
• Erasure of data: we can delete correspondence from our inbox (and trash) if we do not need to keep it for legal reasons (e.g., billing, contract) or to protect against claims.
• Rectification of data: if you provided incorrect data in an e-mail, we will accept the correct version and use it going forward.
• Other rights: we fulfill them to the extent we actually possess your data. If your request concerns technical data (e.g., server logs), we may ask for additional information that will allow us to identify the entries (if possible at all).

Finally: because we do not keep an archive of correspondence "just in case" and we delete some messages on an ongoing basis, it may happen that at the time of your inquiry we no longer have a given message. In such a situation, we will simply inform you about it in our reply.

8. Data transfer outside the EEA

When using the services of providers such as Google, data may be transferred outside the European Economic Area (e.g., to the USA) — in accordance with protection mechanisms provided by law (e.g., standard contractual clauses). This only applies if you consent to analytical cookies.

9. Changes to the policy

We may update the policy, e.g., when services or legal requirements change. The current version is always available on this page.