Privacy Policy

1. The Service Owner is the controller of personal data.

2. The Controller has appointed a Data Protection Officer, whose role is performed by Natalia Benderska. The Data Protection Officer can be contacted by writing to the e-mail address: iod@all-for-one.com.

3. In connection with the processing of personal data by the Controller, data subjects have the following rights:

a) the right to access personal data – in accordance with the principles of Article 15 of the GDPR;

b) the right to request rectification of personal data – in accordance with the principles of Article 16 of the GDPR;

c) the right to request erasure of data – in accordance with the principles of Article 17 of the GDPR;

d) the right to request restriction of data processing – in accordance with the principles of Article 18 of the GDPR.

e) The right to data portability – in accordance with the principles of Article 20 of the GDPR.

4. If the Controller processes personal data based on its legitimate interest (Article 6(1)(f) of the GDPR), the data subject has the right to object to further processing of personal data by the Controller – in accordance with the principles of Article 21 of the GDPR.

5. In every case of personal data processing based on consent (Article 6(1)(a) of the GDPR), such consent is given voluntarily and may be withdrawn at any time without affecting the lawfulness of processing carried out on its basis before its withdrawal.

6. Requests for exercising rights should be submitted by contacting the Data Protection Officer.

7. In case of any doubts regarding the processing of personal data by the Controller, please contact the Data Protection Officer. Nevertheless, we inform that every data subject has the right to lodge a complaint regarding the processing of their personal data with the President of the Personal Data Protection Office.

8. Personal data may be transferred outside the European Economic Area (EEA) – most often this transfer takes place within the cooperation of companies belonging to the All for One Group. In each such case, the Controller pays particular attention to ensuring that such data is transferred securely and in accordance with personal data transfer regulations (in particular, the European Commission’s adequacy decision, standard contractual clauses).

9. Recipients of data may include entities providing services such as: subcontracting, IT support, marketing, training, mail and parcel delivery, legal services. Personal data is disclosed to data recipients only on the basis of an agreement or legal provisions.

10. Personal data is not subject to automated decision-making, including profiling, unless explicitly indicated in the description of individual processing purposes.

I. Use of the Service

1. The website uses cookies and tracking mechanisms, the operation of which may involve user profiling – more information on this topic can be found in the Cookie Policy. The Cookie Policy also contains information on the functions of individual files and the period for which these files are installed on the user’s device.

2. Log files – each time a user accesses the Service website, the administrator collects device information: IP address, browser request, and the time of this request. Additionally, during this request, the status and amount of data transferred, information about the browser version used, and the device’s operating system are recorded. The Administrator also collects information about the address of the page that redirected the user to the Service. This data is used for the operation of the Service, and in particular for detecting and eliminating errors on the website, determining website traffic, and implementing changes and improvements.

3. Embedded third-party content (Google Maps, YouTube etc.) – If third-party content, such as Google Maps, YouTube, is displayed on the Service website, the condition for making this content available and displaying it in the browser is the transfer of information from the Log files by the user to the external provider. We have no influence on the data processing by the external provider. If the user is logged into the external provider’s website using a user account, the external provider may link the user’s behavior to such an account. If necessary, the external provider stores data in user profiles and uses it for advertising purposes, market research, and/or designing its website according to requirements. Any rights to object to the creation of these user profiles should be directed to the external provider. More information on the purpose and scope of data collection and its processing by the external provider can be found in the privacy policy of such provider. More information on rights and setting options for privacy protection can also be found there:

a) Google Inc., 1600 Amphitheater Parkway, Mountain View, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de.

b) YouTube, LLC, 901 Cherry Avenue, Second Floor, San Bruno, CA 94066, USA; https://www.google.com/policies/privacy/partners/?hl=de.

4. Google Analytics – The Service uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies” to help the website analyze how users use it. The information generated by the cookie about your use of the Service is usually transmitted to a Google server located in the USA and stored there. This website uses Google Analytics with the “_anonimizeIp()” extension. As a result, IP addresses are further processed in a shortened form to exclude the possibility of direct personal identification. The Controller uses Google Analytics for the analysis and regular optimization of the Service’s functionality and usage. More information on data processing by Google can be found in Google’s Data Privacy Statement:

5. Google AdWords Conversion Tracking: The Service uses Google AdWords to generate interest in offers through advertising materials (Google AdWords) on external websites. Based on data from advertising campaigns, the service owner can determine the effectiveness of individual advertising activities. The purpose of this operation is to display advertisements that are relevant to users, making the Service more attractive to users, and to achieve a fair calculation of advertising costs. Advertising media are delivered by Google via so-called “ad servers”. For this purpose, ad server cookies are used, which can measure certain success parameters, such as ad impressions or user clicks. If a user accesses the Service via a Google ad, Google AdWords stores a cookie on the user’s device. Such cookies usually expire after 30 days and are not intended for user identification. For this cookie, its unique identifier, the number of ad impressions per placement (frequency), the last impression (relevant for post-view conversion), and opt-out information (marking that the user no longer wishes to be a recipient) are usually stored as analysis values.

Thanks to such cookies, Google can recognize the user’s web browser. If the user visits certain pages of an AdWords client’s website and the cookie stored on their device has not expired, Google and the client can recognize that the user clicked on an ad and was redirected to the Service website. A different cookie is assigned to each AdWords client. Cookies cannot therefore be tracked across AdWords client websites. The Service Owner does not collect or process any personal data within the scope of the aforementioned advertising activities – it only receives statistical analyses from Google. Based on these analyses, it can be determined which of the advertising activities used are particularly effective. The Service Owner does not receive any further data regarding the use of advertising materials – in particular, it is not possible to identify users based on this information.

Thanks to the marketing tools used, the browser automatically establishes a direct connection with the Google server. The Service Owner has no influence on the scope and further use of data collected by Google using this tool. Nevertheless, according to the current knowledge of the Service Owner, through AdWords conversion integration, Google receives information that the user has accessed a relevant part of our website or clicked on an advertisement about us. If the user is registered with a Google service, Google may link the visit to the Service with the user’s Google account. (Even if the user is not registered or logged into a Google service, it is possible that the provider obtains and stores the user’s IP address).

The tracking process can be blocked in various ways:

a) by appropriately configuring the web browser, in particular by disabling third-party cookies – the user will then not receive any advertisements from external providers;

b) by disabling conversion tracking cookies, by setting the browser to block cookies from the domain “www.googleadservices.com”, https://safety.google/privacy/ads-and-data/?hl=pl, with this setting being removed after cookies are deleted;

c) by deactivating interest-based advertisements from providers within the self-regulatory campaign “About Ads” via the link http://www.aboutads.info/choices, with this setting being removed after cookies are deleted;

d) by permanently deactivating Firefox, Internet Explorer, or Google Chrome in your browsers via the link http://www.google.com/settings/ads/plugin.

Please note that full use of some parts of the Service may then be impossible.

6. Not all cookies and other technologies used by the Service involve the processing of personal data, however, if these tools involve the processing of personal data, the Controller informs that:

a) In the case of essential cookies, the legal basis for processing is Article 6(1)(f) of the GDPR – i.e., the legitimate interest of the controller, which is to ensure the operability of the website and enable the presentation of its content. Providing data is voluntary, but necessary to use the Service.

b) In the case of other cookies and information generated by technologies used in the Service, the legal basis for processing is Article 6(1)(a) of the GDPR, i.e., user consent. Providing this data is voluntary, and withholding consent does not affect the ability to use the service; however, not expressing it may have a negative impact on the reception and presentation of the Service’s content – especially multimedia content. Withholding it will also prevent the Service Owner from performing analyses and advertising activities described above.

II. Contact Form, Phone Contact, Email Contact

1. We process data to enable contact with the Controller – to submit an inquiry, provide a response, and conduct further correspondence.

2. The legal basis for processing personal data is Article 6(1)(f) of the GDPR, i.e., the legitimate interest of the controller, which the controller considers to be the achievement of the aforementioned processing purpose and the possibility of contacting the data subject to present service offers, send information about webinars, training, and other information that the controller deems interesting and useful for the data subject.

3. Data will be stored until the processing purpose is exhausted or potential claims expire, or until the data subject effectively objects to such processing by the Controller.

4. Providing personal data is voluntary, but necessary to contact/correspond with the controller.

III. Marketing Information

1. In connection with training activities conducted by the Controller, participation/leading of events by the Controller’s employees, during cooperation, networking, and exchange of experience, the Controller acquires personal data, which it then processes for marketing purposes – sending information about events, offers, and services that might be of interest to the data subject.

2. As a rule, the source of data is the data subject (via email contact, phone contact, using the contact form). However, it may happen that the Controller obtains personal data from another source – employees, company promotional materials, website, social media, during contract negotiations. For contact purposes, the Controller always uses business contact details.

3. The legal basis for processing is Article 6(1)(f) of the GDPR – i.e., the legitimate interest, which is the achievement of the processing purpose.

4. Data will be stored until the processing purpose is exhausted or until the data subject effectively objects to such processing by the Controller.

This Privacy Policy is effective from the date of its publication, i.e., November 13, 2025. Any amendments to this document will be introduced at http://rockawork.com/polityka-prywatnosci and will be effective from the moment of their publication.

The Service may contain links to third-party websites. The Company does not control these sites and therefore is not responsible for the practices of third parties regarding the confidentiality and security of personal data processed through these sites.