Vigilon Privacy Policy

Version: 2.0

Effective date: March, 27th, 2026

Last updated: March, 27th, 2026

This Privacy Policy describes how Vigilon processes personal data in connection with the use of the vigilon.pl website, communication with Vigilon and the use of Vigilon services, to the extent that Vigilon acts as a data controller.

This Policy also includes a general explanation of when Vigilon acts as a data processor in relation to data provided by customers to the app.vigilon.pl application. The detailed terms of such processing are governed by a separate Data Processing Agreement (DPA).

1. Data controller

The controller of personal data is:

Vigilon Adam Wiercioch

ul. Pęcicka 40, 01-688 Warsaw, Poland

Email: kontakt@vigilon.pl

For all matters related to personal data protection, you can contact the Controller at: kontakt@vigilon.pl.

2. Scope of this Privacy Policy

This Privacy Policy applies to personal data processed by Vigilon in connection with:

  1. the use of the vigilon.pl website;
  2. contacting Vigilon via forms, email, telephone or otherwise;
  3. requests for offers, demos, consultations or informational materials;
  4. ordering services and making payments;
  5. using a customer administrator account where Vigilon processes such data as a controller;
  6. marketing, analytical and statistical activities carried out by Vigilon;
  7. handling requests, debt collection, and the establishment, exercise or defence of legal claims.

This Policy does not replace:

  • information provided by our customers to their employees, contractors or other end users;
  • the Data Processing Agreement entered into between Vigilon and a customer in connection with the use of app.vigilon.pl;
  • cookie notices and consent settings that may be displayed separately through a cookie banner or privacy preference centre.

3. Vigilon’s roles in data processing

3.1. Vigilon as a controller

Vigilon acts as a controller mainly with respect to:

  • data of visitors to vigilon.pl;
  • data of persons contacting Vigilon in commercial, organisational, legal or technical matters;
  • data of representatives of customers, partners and suppliers;
  • data required to conclude and perform an agreement, handle billing, support and customer relationship management;
  • data processed for the direct marketing of Vigilon’s own services, where permitted by law.

3.2. Vigilon as a processor

With regard to personal data provided by customers to app.vigilon.pl, in particular end-user data used for training campaigns, phishing simulations, educational content, reporting and other functions activated by the customer, Vigilon generally acts as a data processor on behalf of the customer.

In such cases:

  • the customer remains the controller of the personal data or the entity authorised to issue binding instructions;
  • Vigilon processes the data solely on the customer’s documented instructions and only to the extent necessary to provide the service;
  • the detailed terms of processing, including instructions, security measures, onward transfers, retention and deletion, are set out in a separate Data Processing Agreement (DPA);
  • requests concerning the rights of end users whose data has been uploaded by the customer to the application should generally be addressed to the customer as the controller.

Vigilon designs the service to limit the amount of personal data processed to the minimum necessary for training and reporting purposes. In line with Vigilon’s public service model, Vigilon does not collect user passwords and does not allow passwords to be entered as part of a simulation.

4. What personal data we may process

The scope of personal data depends on the way you interact with us and the services you use.

4.1. Data provided directly by you

We may process in particular:

  • first name and last name;
  • business or personal email address;
  • telephone number;
  • company or organisation name;
  • job title, role, department or other basic organisational information;
  • the content of messages, enquiries, requests or correspondence;
  • data necessary to conclude and perform an agreement, issue invoices or settle payments;
  • customer administrator account data, including login data and information required to manage the service.

4.2. Data collected automatically

In connection with the use of the website or services, we may also process:

  • IP address;
  • date and time of a request;
  • URLs of requested resources;
  • browser, operating system and device information;
  • diagnostic and system log data;
  • error and technical event data;
  • source-of-entry information, including referrer data;
  • cookie identifiers or similar technologies, where used.

4.3. Data obtained from other sources

We may also receive data from:

  • customers who identify you as a contact person;
  • business and technology partners;
  • publicly available business sources;
  • service providers supporting sales, customer service, analytics or payments.

5. Purposes and legal bases for processing

We only process personal data where we have an appropriate legal basis.

5.1. Contact, enquiries, offers and demos

We process personal data in order to:

  • respond to a message or enquiry;
  • prepare an offer;
  • schedule a call, presentation or demo;
  • take steps prior to entering into an agreement.

Legal basis: Article 6(1)(b) GDPR — taking steps at the request of the data subject prior to entering into a contract, or Article 6(1)(f) GDPR — our legitimate interest in handling business communications.

5.2. Entering into and performing a contract

We process personal data in order to:

  • create an account and activate the service;
  • provide the ordered service;
  • deliver technical and organisational support;
  • communicate with the customer administrator;
  • ensure service security, continuity and subscription handling.

Legal basis: Article 6(1)(b) GDPR — performance of a contract.

5.3. Billing, accounting and debt collection

We process personal data in order to:

  • issue accounting documents;
  • handle payments and settlements;
  • comply with tax and accounting obligations;
  • collect outstanding payments and support debt recovery processes.

Legal basis: Article 6(1)(c) GDPR — compliance with a legal obligation, and Article 6(1)(f) GDPR — our legitimate interest in debt collection and protection against abuse.

5.4. Direct marketing of Vigilon’s own services

We may process personal data in order to present our offer and send information about services, educational materials, updates, demos, webinars or other content related to Vigilon’s business.

Legal basis:

  • Article 6(1)(f) GDPR — our legitimate interest in the direct marketing of our own services;
  • Article 6(1)(a) GDPR — consent, where the relevant communication channel or processing activity requires consent under applicable law.

5.5. Forms, online chat and requests

Where the website includes contact forms, demo forms, online chat tools or other features allowing data submission, we process personal data to handle the request, provide commercial contact, service contact or support.

Legal basis: Article 6(1)(b) or 6(1)(f) GDPR, depending on the nature of the request.

5.6. Analytics, statistics and website improvement

We process personal data to analyse the use of the website, improve functionality, security and communication performance, and to generate statistics and business analyses.

Legal basis: Article 6(1)(f) GDPR — our legitimate interest in developing and optimising the website and services, and, in relation to certain cookies or analytics tools, consent where required.

5.7. Security, logs and abuse prevention

We process technical data and logs in order to:

  • ensure infrastructure security;
  • detect incidents, errors and abuse;
  • create backups;
  • restore service continuity;
  • administer the website and systems.

Legal basis: Article 6(1)(f) GDPR — our legitimate interest in ensuring the security, integrity and availability of the service.

5.8. Establishment, exercise and defence of claims

We may also process personal data in order to establish, exercise or defend legal claims and to demonstrate compliance with legal obligations.

Legal basis: Article 6(1)(f) GDPR — our legitimate interest.

6. Sources of data

Personal data comes primarily from:

  • you directly;
  • forms available on the websites vigilon.pl and app.vigilon.pl;
  • correspondence with Vigilon;
  • server logs and analytics tools;

7. Recipients of personal data

Personal data may be disclosed only to authorised recipients or cooperating entities where necessary to achieve the purposes set out in this Privacy Policy.

Recipients may include in particular:

  • hosting and infrastructure providers — currently cyberFolks.pl;
  • email and communication providers;
  • payment operators;
  • providers of analytics, marketing automation, online chat, CRM, helpdesk or support systems, where used;
  • accounting, legal, debt collection or advisory service providers;
  • IT and security service providers;
  • public authorities authorised under applicable law.

Each processor acting on our behalf should provide an appropriate level of security and confidentiality.

8. Transfers outside the EEA

Because we may use certain technology, analytics, marketing or communication providers, personal data may be transferred outside the European Economic Area, including to third countries.

Where such a transfer takes place, it is carried out in accordance with the GDPR, in particular on the basis of:

  • an adequacy decision issued by the European Commission; or
  • Standard Contractual Clauses; or
  • another lawful transfer mechanism.

If you would like more information about the safeguards used for international transfers, please contact us.

9. Retention periods

We retain personal data no longer than necessary for the purpose for which it was collected, unless a longer period is required by law or by the need to defend against claims.

As a general rule:

  • data related to enquiries, offers and business contact is retained for the period necessary to handle the matter and then for the period needed to document the contact or defend against claims;
  • marketing data is retained for no longer than 3 years, unless you withdraw consent earlier or object to such processing;
  • accounting and billing data is retained for the period required by tax and accounting laws;
  • technical logs and security-related data are retained for a period justified by security, diagnostics and service continuity;
  • data processed by Vigilon as a processor in app.vigilon.pl is retained for the period resulting from the agreement with the customer, the customer’s instructions and the DPA.

10. Your rights

You have the right to:

  • access your personal data;
  • rectify your data;
  • erase your data;
  • restrict processing;
  • receive your data in a portable format, where processing is based on a contract or consent and carried out by automated means;
  • object to processing based on a legitimate interest;
  • withdraw consent at any time, where processing is based on consent;
  • lodge a complaint with the competent supervisory authority.

Where Vigilon acts as a processor on behalf of a customer, requests relating to end-user data uploaded to app.vigilon.pl should generally be addressed to the customer as controller. Vigilon supports the customer in handling such requests in accordance with the DPA and applicable law.

11. Automated decision-making and profiling

In some cases we may use tools that automate website operation, marketing or communication, as well as statistical analysis and audience segmentation.

This may include in particular:

  • directing communications to relevant audience segments;
  • sending automated messages after a user takes a specific action, where there is an appropriate legal basis;
  • measuring the effectiveness of information and marketing campaigns;
  • fraud prevention and security activities.

As a rule, Vigilon does not make decisions concerning visitors to vigilon.pl based solely on automated processing that would produce legal effects or similarly significantly affect them, unless this is explicitly indicated in a separate notice.

12. Cookies and similar technologies

The vigilon.pl website uses cookies and similar technologies.

Cookies may be used in order to:

  • ensure the proper functioning of the website;
  • maintain a user session;
  • remember preferences;
  • generate statistics and analytics;
  • carry out marketing or remarketing activities, where used.

Depending on the website configuration, both first-party cookies and cookies of third-party providers such as analytics, advertising, social media or support service providers may be used.

Users can manage cookie settings through their browser or, where available, through the cookie banner / privacy preference centre. Restricting some cookies may affect the operation of the website.

13. Analytics and marketing tools

According to the information currently published in the Vigilon website, Vigilon may use analytics tools, including Google Analytics, and solutions automating website operation and marketing communication.

Where such tools are active:

  • we use them for traffic analysis, statistics, website optimisation and communication improvement;
  • we seek to limit the scope of processed data to the minimum necessary;
  • where required by law, we ask for consent before activating relevant cookies or tracking technologies;
  • advertising preferences may also be managed with third-party providers in accordance with their own privacy policies.

14. Data security

Vigilon implements technical and organisational measures designed to protect personal data, appropriate to the nature, scope, context and purposes of the processing and to the level of risk.

According to the information currently published in the service, such measures include in particular:

  • securing data transmission with an SSL certificate;
  • periodic changes of administrative passwords;
  • regular updates of software and technical components;
  • regular backups;
  • organisational and technical measures limiting access to personal data to authorised persons.

Despite the use of appropriate safeguards, no method of transmission over the Internet and no method of data storage can completely eliminate risk.

15. Server logs and hosting

The Vigilon website is technically hosted on hosting provider servers. Therefore, the hosting provider may process data recorded in server logs, such as:

  • URLs of requested resources;
  • time of receipt of the request and time of sending the response;
  • client station identification within the HTTP protocol;
  • information about errors;
  • the address of the website previously visited by the user;
  • information about the browser and IP address;
  • diagnostic information related to the operation of the website and services.

This data is used mainly to ensure technical reliability, security and website administration.

16. Changes to this Privacy Policy

Vigilon may update this Privacy Policy, in particular in the event of changes in law, technology, organisation or the way services are provided.

The current version of the Privacy Policy is published on vigilon.pl.

17. Contact and supervisory authority

For all matters concerning personal data protection, you may contact us at: kontakt@vigilon.pl.

You also have the right to lodge a complaint with the competent supervisory authority. In Poland, this authority is:

President of the Personal Data Protection Office

ul. Stawki 2

00-193 Warsaw

[https://uodo.gov.pl](https://uodo.gov.pl)

Scroll to Top