Privacy Policy

1. Data Controller

The controller of your personal data is SOMA sp. z o.o., registered in Warsaw, Poland at ul. Białej Floty 2/20, 02-654 Warsaw, entered in the National Court Register (KRS) under number 0001164842, tax identification number (NIP) 5214111998, operating under the Midas brand (hereinafter referred to as “Controller”, “we”).

Contact: kamil@midasforscale.com

2. Information We Collect

We may collect the following categories of personal data:

• Contact information — name, email address, phone number, company name — provided voluntarily through our contact form or direct communication.
• Usage data — IP address, browser type, operating system, pages visited, time of visit — collected automatically through cookies and analytics tools.
• Communication data — content of emails and correspondence conducted within the scope of our cooperation.
• Billing data — data necessary for invoicing and payment processing, including tax ID and company address.

3. Legal Basis for Processing

We process your personal data based on the following grounds under Article 6(1) of the GDPR:

• Consent (Art. 6(1)(a)) — when you subscribe to our newsletter or consent to marketing communications.
• Performance of contract (Art. 6(1)(b)) — when processing is necessary for the performance of a contract or pre-contractual steps.
• Legal obligation (Art. 6(1)(c)) — when processing is required to comply with legal obligations, such as tax and accounting requirements.
• Legitimate interest (Art. 6(1)(f)) — for web analytics, exercising legal claims, and direct marketing of our services.

4. Purposes of Processing

We process your personal data for the following purposes:

• Providing services and performing contracts
• Responding to inquiries and conducting correspondence
• Invoicing and financial settlements
• Website traffic analysis and service optimization
• Direct marketing of our services (based on legitimate interest or consent)
• Fulfilling legal obligations

5. Data Sharing

We do not sell your personal data. We may share data only with:

• Service providers — entities providing services on our behalf (hosting, analytics tools, CRM systems, accounting services) that process data solely on our instructions and under a data processing agreement.
• Government authorities — when disclosure is required by law.
• Legal and tax advisors — to the extent necessary to protect our rights and interests.

6. Cookies and Tracking Technologies

Our website uses the following cookies:

• Essential — required for the proper functioning of the website (e.g., language preferences).
• Analytics — Google Analytics 4 — for analyzing website traffic and user behavior. This data is anonymized.
• Functional — Microsoft Clarity — for analyzing user interactions with the website (heatmaps, session recordings).

You can manage your cookie preferences in your browser settings. Disabling certain cookies may affect website functionality.

7. International Data Transfers

Due to our use of tools provided by entities based in the United States (Google, Microsoft), your data may be transferred outside the European Economic Area (EEA). In such cases, the transfer is based on:

• An adequacy decision by the European Commission (EU-US Data Privacy Framework), or
• Standard Contractual Clauses approved by the European Commission.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or disclosure. This includes data transmission encryption (SSL/TLS), access controls, and regular security reviews.

9. Data Retention

We retain your personal data for the following periods:

• Duration of the contract and 3 years after its termination (limitation period for claims) — contractual data.
• 5 years from the end of the tax year — billing data (tax obligations).
• Until consent is withdrawn — data processed based on consent.
• Until a successful objection is raised — data processed based on legitimate interest.

10. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access — you may obtain information about whether we process your data and request a copy.
• Right to rectification — you may request correction of inaccurate or incomplete data.
• Right to erasure (“right to be forgotten”) — you may request deletion of your data when there is no legal basis for further processing.
• Right to restriction of processing — you may request restriction of processing in certain circumstances.
• Right to data portability — you may receive your data in a structured, commonly used format.
• Right to object — you may object to processing based on legitimate interest, including direct marketing.
• Right to withdraw consent — at any time, without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, contact us at: kamil@midasforscale.com

11. Right to Lodge a Complaint

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the supervisory authority — the President of the Personal Data Protection Office (UODO):

12. Changes to This Policy

We reserve the right to update this Privacy Policy. Changes will be published on this page along with the date of the last update. We encourage you to review this policy regularly.

13. Contact

For matters related to personal data protection, please contact: