Google Workspace Mail without Subscriptions in GSuiteForBusinesses.Online

Privacy Policy of the website www.gsuiteforbusinesses.online

This Policy sets out the rules for the processing of personal data and the use of cookies and similar technologies on the website www.gsuiteforbusinesses.online, operated by SULEMA Sp. z o.o. (hereinafter referred to as the "Administrator", "we").

§1. Data Controller

SULEMA Sp. z o.o., ul. 22 Stycznia 1863 r. 14, 32-540 Trzebinia, PL, KRS: 0001046418, TAX ID: PL6282291938 – VAT payer. Contact: info@sulema.pl. Data Protection Inspector: Gabriela Ropka, e-mail: kontakt@sulema.pl. ^[1]

§2. Scope, categories, and sources of data

• Identification and contact data – name and surname, telephone number, email address, Tax Identification Number (if applicable), billing/delivery address, IP address.
• Order data – number of domains/accounts, selected options (DNS, migration), order value, payment and settlement statuses.
• Billing data – data required for issuing invoices (proforma/VAT) and accounting records.
• Technical data – server logs, cookie identifiers, device/browser information, Cloudflare Turnstile verification token.
• Marketing/analytical activity data – events related to link clicks and form submissions (Meta Pixel), traffic statistics (e.g., Google Analytics – if opted in) Consent).

§3. Purposes and legal basis (GDPR)

• Contract performance / order processing – Article 6(1)(b) GDPR (conclusion and performance of the contract; including account configuration, DNS, migrations).
• Billing and legal obligations – Article 6(1)(c) GDPR (issuance and storage of invoices, taxes, accounting).
• Security and pursuing claims – Article 6(1)(f) GDPR (logs, fraud prevention, claims archiving).
• Marketing and analytics (e.g., Meta Pixel, Google Analytics) – Article 6(1)(a) GDPR (consent). Lack of consent means these tools will not function.
• Communication (responses to inquiries, support) – Article 6(1)(b)(f) of the GDPR, depending on the context.

§4. Data recipients (categories)

• Google – in the scope of Google Workspace (provision of email services) and – upon consent – ​​Google Analytics/Ads. ^[2][3]
• Meta Platforms – only upon consent, for marketing events with Meta Pixel (e.g., ClickLink/Lead). ^[4]
• Payment Operators – Stripe (link to card payments, BLIK, Przelewy24, iDEAL, eps, giroPay, Klarna, SEPA, Sofort). Scope: payment and identification data to the extent necessary.
• Cloudflare – Turnstile service (anti-bot protection / anti-spam form verification). ^[5]
• Hosting/IT provider, email (SMTP) – server and mail infrastructure, maintenance and technical support.
• Other cooperating entities – legal/accounting advice, debt collection, if necessary and in accordance with the law.

§5. Transfer outside the EEA

Some providers (e.g., Google, Meta, Stripe, Cloudflare) may process data outside the EEA (including the USA). Standard Contractual Clauses and other mechanisms provided for by the GDPR/applicable law are used. Detailed information can be found in the policies of these providers. ^[2][3][4][5]

§6. Storage Periods

• Orders and Billing – for the duration of the service and up to 5 years after the end of the tax year (tax/accounting regulations).
• Correspondence and Support – generally up to 3 years for evidentiary purposes (or longer if required by claims/law).
• Technical Logs – usually up to 12 months (security/diagnostics).
• Marketing/Analytics (upon consent) – until consent is withdrawn; event data may be stored in accordance with the provider's policies.
• Cookies – in accordance with the lifetime of the given file (details in the "Cookie Settings" banner).

§7. Data Subject Rights

You have the right to: access, rectify, erase, restrict, transfer, object to processing (including direct marketing), and file a complaint with the President of the Personal Data Protection Office. If consent is the basis, you may withdraw it at any time, without affecting the lawfulness of processing prior to withdrawal.

§8. Cookies, Consents, and Tools

• The website uses a consent management mechanism ("Cookie Settings"). We only enable analytics/marketing (e.g., Google Analytics, Meta Pixel) after you have provided consent. You can change your consent at any time.
• Meta Pixel: we record, among other things, link clicks and form submissions ("Lead" event); processing only takes place after you have provided marketing consent. ^[4]
• Cloudflare Turnstile: verification that the form is being submitted by a human and not a bot; the tool is for security purposes and may process limited technical data (e.g., IP address, browser information) – in accordance with Cloudflare's policy. ^[5]

§9. Google Workspace

The email service is powered by Google Workspace. Google processes data in accordance with its own terms and conditions and GDPR (CDPA) annexes. As the Controller, we are responsible for providing the relevant information and obtaining the necessary consents. ^[2][3]

§10. Payments

Payments are made: (i) by bank transfer (split payment) to the account indicated on the proforma invoice sent by email, or (ii) electronically via Przelewy24/BLIK/card – the payment link is managed by Stripe. Payment data is processed by operators in accordance with their policies.

§11. Security

We use technical and organizational measures appropriate to the risk, including transmission encryption (HTTPS), access control, event logging, and security tests. ^[1]

§12. Contact and Exercising Rights

Requests regarding the exercise of rights (GDPR) should be directed to: info@sulema.pl or to the Data Protection Supervisor: kontakt@sulema.pl. In the body of the message, please indicate which right you are requesting and the scope of data the request concerns.

§13. Changes to the Policy

The Policy may change, for example, in the event of updates to the law or tools. The version published on the website applies.