Privacy Policy

1. The Service Owner is the controller of personal data (the “Controller”).

2. The Controller has appointed a Data Protection Officer, a role performed by Natalia Benderska. The Data Protection Officer can be contacted at the following e-mail address: iod@all-for-one.com.

3. In connection with the processing of personal data by the Controller, data subjects have the following rights:

a) the right to access personal data – in accordance with the principles of Article 15 of the GDPR;

b) the right to request rectification of personal data – in accordance with the principles of Article 16 of the GDPR;

c) the right to request erasure of personal data – in accordance with the principles of Article 17 of the GDPR;

d) the right to request restriction of data processing – in accordance with the principles of Article 18 of the GDPR;

e) the right to data portability – in accordance with the principles of Article 20 of the GDPR.

4. If the Controller processes personal data based on its legitimate interest (Article 6(1)(f) of the GDPR), the data subject has the right to object to further processing of personal data by the Controller – in accordance with the principles of Article 21 of the GDPR.

5. In every case of personal data processing based on consent (Article 6(1)(a) of the GDPR), such consent is given voluntarily and may be withdrawn at any time without affecting the lawfulness of processing carried out on its basis before its withdrawal.

6. Requests for exercising rights should be submitted by contacting the Data Protection Officer.

7. In case of any doubts regarding the processing of personal data by the Controller, please contact the Data Protection Officer. However, each data subject has the right to lodge a complaint regarding the processing of their personal data with the President of the Personal Data Protection Office.

8. Personal data may be transferred outside the European Economic Area (EEA) – most often this transfer takes place as part of cooperation between companies belonging to the All for One Group. In each such case, the Controller pays particular attention to ensuring that such data is transferred securely and in accordance with personal data transfer regulations (in particular, the European Commission’s adequacy decision, standard contractual clauses).

9. Recipients of data may include entities providing services such as: subcontracting, IT support, marketing, training, mail and parcel delivery, legal services. Personal data is disclosed to data recipients only on the basis of an agreement or legal provisions.

10. Personal data is not subject to automated decision-making, including profiling, unless explicitly indicated in the description of individual processing purposes.

I. Use of the Service

1. The website uses cookies and tracking mechanisms, the operation of which may involve profiling of users – more information on this topic can be found in the Cookie Policy. The Cookie Policy also contains information on the functions of individual files and the period for which these files are installed on the user’s device.

2. Log files – each time a user accesses the Service, the Controller collects device information, including the IP address, the browser request, and the time of that request. Additionally, during that request, the status and amount of data transferred, information about the browser version used, and the device’s operating system are recorded. The Controller also collects information about the address of the page that referred the user to the Service. This data is used for the operation of the Service, and in particular for detecting and eliminating errors on the website, determining website traffic, and implementing changes and improvements.

3. Embedded third-party content (Google Maps, YouTube**,** etc.) – If third-party content, such as Google Maps or YouTube, is displayed on the Service website, displaying this content in the browser requires the user’s browser to transmit information from the log files to the external provider. We have no influence over the external provider’s processing of data. If the user is logged into the external provider’s website using a user account, the external provider may link the user’s behavior to such an account. The external provider may store data in user profiles and use it for advertising purposes, market research, and/or designing its website according to requirements. Any objections to the creation of these user profiles should be addressed to the external provider. More information on the purpose and scope of data collection and its processing by the external provider can be found in that provider’s privacy policy. More information on rights and settings options for privacy protection can also be found there:

a) Google Inc., 1600 Amphitheater Parkway, Mountain View, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de.

b) YouTube, LLC, 901 Cherry Avenue, Second Floor, San Bruno, CA 94066, USA; https://www.google.com/policies/privacy/partners/?hl=de.

4. Google Analytics – The Service uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies” to help the website analyze how users use it. The information generated by the cookie about your use of the Service is usually transmitted to a Google server located in the USA and stored there. This website uses Google Analytics with the “_anonimizeIp()” extension. As a result, IP addresses are further processed in a shortened form to exclude the possibility of direct personal identification. The Controller uses Google Analytics for the analysis and regular optimization of the Service’s functionality and usage. More information on data processing by Google can be found in Google’s Data Privacy Statement: https://policies.google.com/privacy?hl=en-GB.

5. Google AdWords Conversion Tracking: The Service uses Google AdWords to generate interest in offers through advertising materials (Google AdWords) on external websites. Based on data from advertising campaigns, the Service Owner can determine the effectiveness of individual advertising activities. The purpose of this operation is to display advertisements that are relevant to users, make the Service more attractive to users, and achieve a fair calculation of advertising costs. Advertising materials are delivered by Google via so-called “ad servers”. For this purpose, ad server cookies are used, which can measure certain success parameters, such as ad impressions or user clicks. If a user accesses the Service via a Google ad, Google AdWords stores a cookie on the user’s device. Such cookies usually expire after 30 days and are not intended for user identification. For this cookie, the following analysis values are usually stored: its unique identifier, the number of ad impressions per placement (frequency), the last impression (relevant for post-view conversion), and opt-out information (marking that the user no longer wishes to receive ads).
Thanks to such cookies, Google can recognize the user’s web browser. If the user visits certain pages of an AdWords client’s website and the cookie stored on their device has not expired, Google and the client can recognize that the user clicked on an ad and was redirected to the Service website. A different cookie is assigned to each AdWords client. Cookies cannot therefore be tracked across AdWords client websites. The Service Owner does not collect or process any personal data within the scope of the aforementioned advertising activities – it only receives statistical analyses from Google. Based on these analyses, it can be determined which of the advertising activities used are particularly effective. The Service Owner does not receive any further data regarding the use of advertising materials – in particular, it is not possible to identify users based on this information.

Thanks to the marketing tools used, the browser automatically establishes a direct connection with the Google server. The Service Owner has no influence on the scope and further use of data collected by Google using this tool. Nevertheless, according to the current knowledge of the Service Owner, through AdWords conversion tracking, Google receives information that the user has accessed a relevant part of our website or clicked on an advertisement about us. If the user is registered with a Google service, Google may link the visit to the Service with the user’s Google account. (Even if the user is not registered or logged into a Google service, it is possible that the provider obtains and stores the user’s IP address).

The tracking process can be blocked in various ways:

a) by appropriately configuring the web browser, in particular by disabling third-party cookies – the user will then not receive any advertisements from external providers;

b) by disabling conversion tracking cookies, by setting the browser to block cookies from the domain “www.googleadservices.com”, https://safety.google/privacy/ads-and-data/?hl=pl, note that this setting will be removed after cookies are deleted;

c) by deactivating interest-based advertisements from providers within the self-regulatory campaign “About Ads” via the link http://www.aboutads.info/choices, note that this setting will be removed after cookies are deleted;

d) by permanently disabling this feature in Firefox, Internet Explorer, or Google Chrome via the link http://www.google.com/settings/ads/plugin.

Please note that full use of some parts of the Service may then be impossible.

6. Not all cookies and other technologies used by the Service involve the processing of personal data, however, if these tools involve the processing of personal data, the Controller informs that:

a) In the case of essential cookies, the legal basis for processing is Article 6(1)(f) of the GDPR – i.e., the legitimate interest of the controller, which is to ensure the functionality of the website and enable the presentation of its content. Providing data is voluntary, but necessary to use the Service.

b) In the case of other cookies and information generated by technologies used in the Service, the legal basis for processing is Article 6(1)(a) of the GDPR, i.e., user consent. Providing this data is voluntary, and withholding consent does not affect the ability to use the Service; however, not providing it may have a negative impact on the use and presentation of the Service’s content – especially multimedia content. Withholding it will also prevent the Service Owner from performing the analyses and advertising activities described above.

II. Contact Form, Phone Contact, Email Contact

1. We process data to enable contact with the Controller – to submit an inquiry, provide a response, and conduct further correspondence.

2. The legal basis for processing personal data is Article 6(1)(f) of the GDPR, i.e., the legitimate interest of the controller, which the controller considers to be the achievement of the aforementioned processing purpose and the enabling of contacting the data subject to present service offers, send information about webinars, training, and provide other information that the controller deems interesting and useful for the data subject.

3. Data will be stored until the processing purpose is fulfilled or potential claims expire, or until the data subject effectively objects to such processing by the Controller.

4. Providing personal data is voluntary, but necessary to contact/correspond with the Controller.

III. Marketing Information

1. In connection with training activities conducted by the Controller, participation in and/or leading of events by the Controller’s employees, cooperation, networking, and the exchange of experience,, the Controller acquires personal data, which it then processes for marketing purposes – sending information about events, offers, and services that might be of interest to the data subject.

2. As a rule, the source of data is the data subject (via email contact, phone contact, or the contact form). However, it may happen that the Controller obtains personal data from another source e.g., employees, company promotional materials, websites, social media, during contract negotiations. For contact purposes, the Controller always uses business contact details.

3. The legal basis for processing is Article 6(1)(f) of the GDPR – i.e., the legitimate interest, which is the achievement of the processing purpose.

4. Data will be stored until the processing purpose is fulfilled or until the data subject effectively objects to such processing by the Controller.

This Privacy Policy is effective from the date of its publication: 13.03.2026. Any amendments to this document will be published at https://rockawork.com/en/privacy-policy/ and will take effect upon publication.

The Service may contain links to third-party websites. The Service Owner does not control these sites and is therefore not responsible for the practices of third parties regarding the confidentiality and security of personal data processed through these sites.