Privacy
How we handle your data
We collect as little as possible and tell you everything we do collect. This page explains it, section by section.
Last updated: 2026-06-05
Who we are
This privacy policy applies to the opservio.com website. The company behind it, and the data controller for personal data collected through this site, is:
- Name
- Opservio sp. z o.o.
- Address
- Al. Prymasa Tysiąclecia 16, 05-504 Prace Duże, Poland
- VAT ID
- PL1231595637
- REGON
- 543724743
- KRS
- 0001216790
- Registry court
- Sąd Rejonowy Lublin-wschód w Lublinie, VI wydział gospodarczy
- Share capital
- 15 000,00 PLN
- Contact
- hello@opservio.com
You can reach us at the email address above for anything in this policy: rights requests, questions, complaints. We respond within 30 days, usually faster.
What this policy covers
This page covers the opservio.com website only - the marketing site you are reading and the analytics and logs that run alongside it.
It does not cover the AllowGate product or the allowgate.com site. Each of those has its own privacy policy. The AllowGate product is a multi-tenant service; data processed inside it is governed by the Data Processing Agreement signed with each tenant, not by this page.
What we collect
We collect data in two narrow places. Each one is listed below with what it is and where it lives.
- Analytics. Aggregated, cookieless page-view data from our self-hosted analytics. No cookies, no cross-site identifiers, no profiling. IP addresses are truncated and hashed before they reach storage.
- Server logs. IP address, user-agent, requested URL, and timestamp, recorded by the webserver. Used to investigate abuse and diagnose errors.
Why we collect it, and on what legal basis
Under Article 6(1) of the GDPR, every processing operation must rest on a named lawful basis. Ours:
- Analytics. Our legitimate interest in understanding how the site is used - Article 6(1)(f). The data is aggregated and cookieless; there is no profiling and no identification of individual visitors.
- Server logs. Our legitimate interest in keeping the site secure and available - Article 6(1)(f).
Where it lives
Everything described above runs on virtual servers in the European Union, operated by Opservio. The analytics and webserver are self-hosted.
We do not pass your data to third-party services - no external analytics providers, no email marketing platforms, no CRMs. We do not transfer personal data outside the European Economic Area. If that ever changes, this page changes first.
How long we keep it
Retention is by data type, not a blanket policy:
- Analytics. Aggregated and cookieless, so no personal data to expire. Retained indefinitely as aggregates.
- Server logs. 180 days, then deleted.
Encrypted backups follow a separate cycle: data deleted from primary storage can persist in backups for up to 12 months before it rotates out. Backups are used only for disaster recovery.
Your rights
Under the GDPR (Articles 15 to 22), you have the following rights over the personal data we hold about you. Email us to exercise any of them - see the contact in section 1.
- Access. Ask for a copy of the personal data we hold about you.
- Correction. Ask us to fix anything that is wrong or out of date.
- Deletion. Ask us to delete your data.
- Restriction. Ask us to stop processing your data while a dispute is sorted out.
- Portability. Ask for your data in a machine-readable format, or for us to transmit it to another controller.
- Objection. Object to processing based on legitimate interest (analytics, server logs).
We respond to rights requests within 30 days. There is no identity-verification ceremony - replying from the email address on file is enough.
Complaints
If you are not happy with how we handle your data, you can lodge a complaint with our supervisory authority:
Prezes Urzędu Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warszawa, uodo.gov.pl
Automated decisions
This site does not make any decisions about you by automated means, and does not profile you.
Children
This site is not directed at children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, email us and we will delete it.
Language versions
This policy is published in English and Polish.
If you live in Poland, or your business has its registered seat in Poland, the Polish version ("Polityka prywatności") is the binding one if the two ever diverge.
For everyone else, the English version is binding.
Changes to this policy
When this policy changes, we update this page and bump the "last updated" date at the top.
For material changes, the previous version will remain linked at the bottom of this page so the diff is visible.