PRIVACY POLICY
Aim English Sp. z o.o.Last updated: May 2026
1. Data ControllerThe Data Controller is:
Aim English Sp. z o.o.ul. Wikingów 6
03-029 Warsaw, Poland
KRS: 0001048304
NIP (Tax Identification Number): 5242978918
REGON: 525889270
Contact e-mail:
aimforbusiness@gmail.comThe Controller has not appointed a Data Protection Officer (DPO).
For all matters relating to the protection of personal data, you may contact the Controller at the e-mail address provided above.
2. Scope of Personal Data ProcessingThe Controller may process the following categories of personal data:
- a) Identification and contact datafirst and last name;
- e-mail address;
- telephone number;
- information provided in contact or application forms.
- b) Data related to the provision of servicesinformation necessary for concluding and performing the agreement;
- information regarding the selected educational programme;
- information relating to communication between the Client, the Controller and the School;
- information necessary to provide organisational support for participation in educational programmes delivered by independent language schools or other educational partners.
- c) Data relating to parents or legal guardians and minor participantsfirst and last name of the parent or legal guardian;
- contact details of the parent or legal guardian;
- first and last name of the minor participant;
- age or date of birth of the participant;
- information necessary for organising the participant's involvement in the educational programme.
- d) Billing datainformation necessary for issuing invoices or accounting documents;
- information required under tax and accounting regulations.
- e) Technical dataIP address;
- information regarding the device and browser;
- information concerning the use of the website;
- information stored through cookies or similar technologies.
The Controller does not process special categories of personal data referred to in Article 9 of the GDPR unless such processing is necessary in a particular case and carried out in accordance with applicable law or on the basis of the explicit consent of the data subject or their legal representative.
3. Purposes and Legal Bases for Processing Personal DataPersonal data are processed for the following purposes:
a) Communication and responding to enquiriesPersonal data are processed for the purpose of responding to enquiries submitted via the contact form, e-mail, telephone or online communication channels.
Legal basis:Article 6(1)(f) GDPR — the Controller's legitimate interest consisting in maintaining communication with persons interested in its services.
b) Conclusion and performance of the agreement with the ClientPersonal data are processed for the purpose of concluding and performing an agreement concerning organisational, coordination, administrative, communication and support services related to the Client's or participant's participation in educational programmes organised by independent third parties.
Legal basis:Article 6(1)(b) GDPR — performance of a contract or taking steps prior to entering into a contract.
c) Organisational support for participation in international educational programmesPersonal data may be processed in order to provide the School or educational partner with the information necessary for enrolment, support the registration process, facilitate organisational communication, prepare participants for departure and provide organisational support before and during the educational programme.
Legal basis:- Article 6(1)(b) GDPR — performance of a contract;
- Article 6(1)(f) GDPR — the Controller's legitimate interest in ensuring the proper organisation of support services.
d) Compliance with the Controller's legal obligationsPersonal data are processed for the purpose of fulfilling obligations arising from applicable law, in particular tax, accounting and bookkeeping regulations.
Legal basis:Article 6(1)(c) GDPR — compliance with a legal obligation to which the Controller is subject.
e) Establishment, exercise or defence of legal claimsPersonal data may be processed for the purpose of establishing, pursuing or defending legal claims.
Legal basis:Article 6(1)(f) GDPR — the Controller's legitimate interest in protecting its legal rights.
f) Marketing of the Controller's own servicesPersonal data may be processed for the purpose of sending marketing communications, newsletters or commercial information, provided that the data subject has given their consent.
Legal basis:Article 6(1)(a) GDPR — consent of the data subject.
g) Website analytics and statisticsTechnical data may be processed to analyse website traffic, improve website functionality and compile statistical information.
Legal basis:- Article 6(1)(f) GDPR — the Controller's legitimate interest;
- where analytical or marketing cookies are used, the user's consent expressed through the cookie banner, where such consent is required.
h) Publication of imageA participant's image, in particular that of a minor, may be recorded or published solely on the basis of separate consent granted by the authorised person, in particular the parent or legal guardian.
Legal basis:Article 6(1)(a) GDPR — consent.
4. Voluntary Provision of Personal DataThe provision of personal data is voluntary. However, in certain cases it may be necessary in order to:
- respond to an enquiry;
- prepare an offer;
- conclude and perform an agreement;
- provide organisational and coordination services;
- transfer information to the School or educational partner;
- comply with the Controller's legal obligations.
Failure to provide the required data may make it impossible to use the Controller's services.
5. Data of MinorsIn relation to programmes intended for minors, the Controller processes the personal data of minor participants only to the extent necessary for the provision of organisational, communication and support services.
Personal data of minors are disclosed exclusively to entities involved in the implementation of the programme or necessary to ensure its proper organisation, including language schools, educational partners or entities supporting the organisation of the programme.
Any consent relating to a minor, including consent to the use of their image, shall be granted by the parent or legal guardian.
6. Recipients of Personal DataPersonal data may be disclosed to the following categories of recipients:
- language schools and educational partners delivering educational programmes;
- entities supporting the Controller in providing organisational, administrative and communication services;
- providers of IT services, hosting, e-mail services and CRM systems;
- providers of online communication tools;
- providers of analytical and marketing tools;
- providers of mailing services;
- accounting firms, tax advisers and law firms;
- public authorities where disclosure is required by law.
The Controller discloses personal data only to the extent necessary to achieve the relevant purpose.
7. Transfers of Personal Data Outside the European Economic AreaDue to the use of services provided by external suppliers, in particular IT, analytical, marketing, communication or educational service providers, personal data may be transferred outside the European Economic Area (EEA).
Any transfer of personal data outside the EEA is carried out in accordance with the GDPR, in particular on the basis of:
- an adequacy decision issued by the European Commission;
- Standard Contractual Clauses (SCCs);
- other transfer mechanisms provided for in Articles 44–49 GDPR.
8. Data Retention PeriodPersonal data shall be retained:
- for the period necessary to respond to enquiries or conduct correspondence;
- for the duration of the agreement and the provision of services;
- for the period required by applicable law, in particular tax and accounting legislation;
- for the limitation period applicable to potential legal claims;
- until consent is withdrawn, where processing is based on consent;
- until an effective objection is raised, where processing is based on the Controller's legitimate interest.
9. Rights of the Data SubjectThe data subject has the right to:
- access their personal data;
- obtain a copy of their personal data;
- rectify inaccurate or incomplete personal data;
- request the erasure of personal data;
- request the restriction of processing;
- receive their personal data in a portable format (data portability);
- object to the processing of personal data;
- withdraw consent at any time where processing is based on consent.
Withdrawal of consent shall not affect the lawfulness of processing carried out prior to such withdrawal.
To exercise any of the above rights, the data subject may contact the Controller at:
aimforbusiness@gmail.com10. Right to Lodge a ComplaintThe data subject has the right to lodge a complaint with the competent supervisory authority:
President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych)ul. Stawki 2
00-193 Warsaw
Poland
11. Automated Decision-Making and ProfilingPersonal data are not used for automated decision-making, including profiling within the meaning of Article 22 of the GDPR.
The Controller may use analytical or marketing tools that assist in analysing website traffic or measuring the effectiveness of marketing activities. However, such tools do not result in automated decisions producing legal effects concerning the user or similarly significantly affecting the user.
12. Cookies and Similar TechnologiesThe Controller's website may use cookies and similar technologies.
Cookies may be used for the following purposes:
- ensuring the proper functioning of the website;
- remembering the user's preferences and settings;
- compiling statistics and analysing website traffic;
- improving the quality and performance of the website;
- carrying out marketing or remarketing activities.
Technically necessary cookies may be used without the user's consent where they are essential for the proper operation of the website.
Analytical, marketing and other non-essential cookies are used only after obtaining the user's consent, where such consent is required.
The user may modify their cookie preferences at any time through their browser settings or by using the consent management tool available on the website.
13. Marketing ConsentsWhere the user has consented to receive marketing or commercial communications, their personal data shall be processed for that purpose until such consent is withdrawn.
Consent to receive marketing communications is voluntary and may be withdrawn at any time.
Withdrawal of consent shall not affect the user's ability to use the Controller's services.
14. Data SecurityThe Controller implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, alteration or disclosure.
Access to personal data is granted only to those persons and entities that require such access for the purposes of carrying out the relevant processing activities.
15. Amendments to the Privacy PolicyThe Controller may update this Privacy Policy, in particular in the event of changes in applicable legislation, technological developments or changes to the services provided.
The current version of the Privacy Policy is available on the Controller's website.
16. ContactFor all matters relating to the processing and protection of personal data, you may contact the Controller at:
aimforbusiness@gmail.com