Privacy Policy

Last Updated: June 15, 2026 · Effective Date: July 1, 2026

This Privacy Policy describes how Polish Pages, Inc., a New York Corporation (“Company,” “we,” “us,” or “our”), collects, uses, and discloses information about you when you visit our websites or use our services.

Other services in our ecosystem

Polish Pages, Inc. operates three platforms as a single data controller: PolishPages.com (this site — business directory, advertising, and hosting), Poland.us (Dziennik Polonijny news portal), and Drobnica.com (classifieds). This Privacy Policy is the primary policy describing our ecosystem and governs PolishPages.com in particular. Poland.us and Drobnica.com each have their own dedicated Privacy Policy tailored to those services — see poland.us/privacy-policy/ and drobnica.com/privacy-policy/.

By using our Services, you agree to the collection and use of information in accordance with this policy. If you are a business client (“Client”), this Privacy Policy is incorporated into and subject to our Terms of Use. Hosting clients are additionally subject to our Hosting Services Agreement and, where applicable, a Data Processing Agreement (see Section 11).

1. Information We Collect

We collect information to provide, secure, and improve our Services. The specific data we collect depends on how you interact with us.

1.1 Information You Provide to Us Directly

Registration Information: When you create an account, we collect your name, email address, password, and (where applicable) phone number.

Business Listing Data: We collect business names, addresses, contact details, photos, logos, hours of operation, and professional descriptions for publication in our directory.

Advertisers & Sponsored Content: If you purchase a Sponsored Article, Guest Post, Banner Ad, directory listing, or other advertising service, we collect your business name, Tax ID (where applicable), billing address, contact information for invoicing, and the content you submit for publication.

Payment & Subscription Information: If you purchase a subscription, premium ad, advertising package, or hosting services, we collect your billing address and transaction details.

Hosting Client Information: If you purchase website hosting services, we additionally collect information related to the hosted website and its administration (see Section 11).

Communications: Information you provide when contacting our support team via [email protected] or other channels.

Newsletter Subscription: If you subscribe to our newsletter, we collect your email address and the date and time of your consent. We use double opt-in verification.

Important Note on Credit Cards

We do not store full credit card numbers on our servers. All transactions are securely processed by third-party payment processors, primarily Stripe, Inc. If you select a subscription plan, you acknowledge that our payment processor will store a secure payment token to facilitate automatic renewals.

Sensitive Information (please do not submit)

Our directory includes businesses in regulated fields (medical, legal, insurance, financial). You should not submit medical, health, insurance, legal, financial, or other sensitive information through general directory or contact forms unless specifically requested by the receiving business. Polish Pages, Inc. is not a healthcare provider, law firm, insurer, or financial institution and does not provide professional advice through its Services. When you contact a business through our directory, that business’s own privacy practices apply to the information you share with them.

1.2 Information We Collect Automatically

Usage Data & Cookies: We collect information about your activity, such as pages visited, time spent, and links clicked. See Section 5.

Device Information: Hardware model, operating system, and IP address.

Location Data: We may derive your approximate location from your IP address to display relevant local businesses.

Transaction Data: Metadata about your purchases (purchase date, plan type, renewal status).

Advertising Performance Data: Our self-hosted advertising server (our self-hosted ad server — see Section 3.2) records anonymized impression and click data. This data is retained on our own infrastructure and is not shared with external advertising networks.

1.3 Platform-Specific Data Collection

PlatformPrimary Data Collected
PolishPages.comBusiness listings, advertiser accounts, subscription records, hosting client data (see §11), directory search queries, ad impression data.
Poland.usSee the dedicated Poland.us Privacy Policy.
Drobnica.comSee the dedicated Drobnica Privacy Policy.

2. How We Use Your Information

  • Service Provision: To operate our directory and fulfill orders for advertising or hosting services.
  • Subscription Management: To process payments, manage recurring billing, and send invoices.
  • Hosting Services: To operate, maintain, back up, and secure websites hosted for our Clients (see Section 11).
  • Content Moderation: To review and moderate business listings and sponsored content for compliance with our Terms.
  • Advertising Delivery: To serve ads on our own platform through our self-hosted ad server using first-party data.
  • Safety & Security: To detect and prevent fraud, spam, and abuse.
  • Copyright Enforcement: To address intellectual property violations, including DMCA takedowns.
  • Marketing: To send newsletters and offers. You may opt out anytime.
  • Analytics: To understand user behavior and improve our Services.

We may use automated tools, spam filters, fraud detection, or AI-assisted moderation to operate and secure the Services. We do not rely on automated tools to make legally significant decisions about you without appropriate human review where required by law.

2.1 Legal Bases for Processing (EEA/UK/Switzerland Residents)

  • Contract Performance (Art. 6(1)(b)): Processing necessary to provide Services, manage your account, and fulfill subscription or hosting orders.
  • Legitimate Interest (Art. 6(1)(f)): Analytics, fraud prevention, security, spam detection, and improving our Services.
  • Consent (Art. 6(1)(a)): Marketing emails, newsletters, and non-essential cookies.
  • Legal Obligation (Art. 6(1)(c)): Tax record-keeping, court orders, and DMCA obligations.

3. Disclosure of Data

We do not sell personal information for money. We do not share personal information for cross-context behavioral advertising unless expressly disclosed in this Privacy Policy and implemented through active advertising or analytics technologies.

3.1 Public Information

Any information you voluntarily post in a public area — such as your Business Profile — becomes publicly available and can be indexed by search engines. We are not responsible for how third parties use your publicly disclosed information.

3.2 Service Providers

  • Stripe, Inc.: Secure payment processing (stripe.com/privacy).
  • Klarna: Alternative payment — buy now, pay later (klarna.com/us/privacy).
  • SureCart: E-commerce checkout and subscription management.
  • Mailchimp (Intuit, Inc.): Email marketing and newsletter distribution.
  • Google Analytics: Traffic analysis; data may be transferred to the U.S.
  • Akismet (Automattic, Inc.): Automated spam filtering.
  • Self-hosted ad server: Runs on our own infrastructure; ad performance data is processed in-house and not shared with external ad networks.
  • FontAwesome (Fonticons, Inc.): Icon delivery via CDN.
  • Web Hosting Provider: Server infrastructure in the United States.

3.3 Advertisers and Sponsored Content

Advertisers do not receive personal information about individual users — only aggregate, anonymized performance metrics. Advertisers, sponsors, and listing owners may not submit fake reviews, misleading endorsements, undisclosed paid testimonials, fabricated business claims, or content that materially misrepresents experience, identity, results, qualifications, licensing, or affiliation. Sponsored or paid content is clearly labeled, and material connections must be disclosed. Advertisers are solely responsible for compliance with advertising laws.

3.4 Legal Compliance and Protection of Rights

We may disclose your information if required by law or in good-faith belief that it is necessary to comply with a legal obligation; assist copyright owners pursuant to the DMCA; or protect the rights, property, or safety of Polish Pages, Inc., our users, or the public.

3.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your Personal Data may be transferred. We will provide notice before your Personal Data becomes subject to a different privacy policy.

4. Data Retention

Data CategoryRetention Period
Account & Registration DataDuration of account + 2 years after deletion
Business Listing ContentDuration of active subscription + 12 months
Inactive Listing DataMinimum 24 months after last active subscription
Hosted Website Data (Hosting Clients)Duration of hosting agreement + 30 days grace (see §11)
Payment & Transaction Records7 years (IRS/tax compliance)
Ad Impression Data (ad server)13 months (anonymized aggregate longer)
Server & Access Logs90 days
Hosting Backups30 days rolling (unless longer agreed)
Analytics Data (Google Analytics)26 months
Marketing Consent RecordsDuration of consent + 3 years
Support Communications3 years after last interaction
Cookie Consent RecordsDuration of consent + 1 year

After the applicable period expires, we securely delete or anonymize your data. You may request earlier deletion, subject to legal obligations (Section 8).

5. Cookies and Tracking Technologies

We use cookies and similar technologies. When you first visit, you will see a cookie consent banner allowing you to accept, reject, or manage non-essential cookies. See our Cookie Policy for full details.

5.1 Types of Cookies We Use

  • Essential Cookies: Necessary for the site to function. Cannot be disabled.
  • Functional Cookies: Remember your preferences.
  • Analytics Cookies: Help us understand usage (e.g., Google Analytics). Set only with your consent.
  • First-Party Advertising Cookies: Our self-hosted Our self-hosted ad server may use first-party cookies to measure ad frequency and performance on our own platform. These do not track you across third-party websites.
  • Third-Party Marketing/Advertising Cookies: Not used unless disclosed here and implemented; if added, we will update this policy and request consent.

5.2 Your Cookie Choices

Manage preferences anytime via the “Cookie Settings” link in our footer. Where required by law, we honor recognized opt-out preference signals (such as Global Privacy Control), handled separately from cookie consent.

6. Data Security

We employ industry-standard security measures (SSL/TLS encryption). All payment data is encrypted and processed by our payment processors in compliance with PCI DSS standards. No method of transmission over the Internet is 100% secure.

We maintain reasonable administrative, technical, and physical safeguards appropriate to the size, scope, and nature of our business — including access controls, vendor review, logging, backup security, incident response, employee training, and secure disposal of data — consistent with the New York SHIELD Act and applicable law.

6.1 Data Breach Notification

In the event of a data breach likely to result in a risk to your rights and freedoms, we will: notify the relevant supervisory authority within 72 hours (GDPR Article 33), where applicable; notify affected individuals without unreasonable delay; comply with New York General Business Law §899-aa; and document the breach and remedial actions.

7. International Data Transfers

Polish Pages, Inc. is based in the United States. If you access our Services from Europe or other regions, your data will be transferred to and processed in the United States. For transfers from the EEA, the UK, or Switzerland to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or the UK International Data Transfer Addendum, where required. Polish Pages, Inc. does not hold certification under the EU-U.S. Data Privacy Framework and does not rely on the invalidated EU-U.S. Privacy Shield. Any prior Privacy Shield representations are withdrawn and superseded.

8. Your Data Protection Rights

8.1 Rights Under GDPR (EEA, UK, Switzerland Residents)

  • Right of Access (Art. 15)Rectification (Art. 16)Erasure (Art. 17)Restrict Processing (Art. 18)Data Portability (Art. 20)Object (Art. 21)Withdraw ConsentLodge a Complaint with a supervisory authority.

To exercise these rights, contact [email protected]. We respond within 30 days.

8.2 Rights Under CCPA/CPRA (California Residents)

Categories collected: Identifiers (name, email, phone, IP); commercial information (subscription history, transactions); internet activity (browsing, cookies, pages visited); geolocation (approximate from IP); professional/employment information (business name, descriptions).

Your CCPA Rights: Right to Know, Right to Delete, Right to Correct, Right to Opt-Out of Sale/Sharing, Right to Non-Discrimination.

We do not sell personal information for money and do not share it for cross-context behavioral advertising unless expressly disclosed in this policy and implemented through active technologies. Where required by law, we provide a “Do Not Sell or Share My Personal Information / Your Privacy Choices” mechanism and honor valid opt-out preference signals (including Global Privacy Control).

How to Exercise: Email [email protected] or call 212-929-6933. We verify identity before processing. We respond within 45 days (extendable by 45 with notice).

Financial Incentive Notice

We offer a free first-month trial for new subscriptions. This incentive is not contingent on collecting personal information beyond what is necessary to provide the service.

8.3 U.S. State Privacy Rights

Depending on your state of residence, you may have rights under applicable state privacy laws (such as those in California, Virginia, Colorado, Connecticut, Texas, and others) where the Company meets the law’s applicability thresholds. These may include the rights to access, correct, delete, and obtain a portable copy of your personal data, and to opt out of targeted advertising, the sale of personal data, and certain profiling. We honor recognized universal opt-out mechanisms (such as Global Privacy Control) where required by law. To exercise these rights, contact [email protected].

8.4 Subscription Cancellation

You may cancel recurring subscriptions at any time via your account dashboard to prevent future charges. Cancellation takes effect at the end of the current billing period.

9. Children’s Privacy

Our Services are not intended for individuals under 16. We do not knowingly collect Personal Data from children. If we become aware of inadvertent collection from a child under 16, we will promptly delete it.

10. Polish Pages Mobile Application

The Polish Pages mobile application collects limited data (location only when you tap “Near Me,” processed on-device; language preference stored locally; cached public content). The App has no user accounts and does not collect personal account information, payment data, browsing analytics, device/advertising identifiers, or tracking cookies. The App integrates no third-party analytics, advertising, or social SDKs — it contacts only our own websites (polishpages.compoland.us) to fetch public content. All App data is stored locally; uninstalling the App deletes it. Questions: [email protected].

11. Managed Website Hosting Services

This section applies exclusively to Clients who purchase website hosting from Polish Pages, Inc.

11.1 Our Role — Data Processor

When we host a website on behalf of a Client, we act as a data processor (GDPR Article 4(8)) for personal data the Client collects through their website. The Client remains the data controller, responsible for: the lawful basis for collecting visitor data; providing their own privacy policy, cookie notice, and terms; responding to data subject requests from their visitors; and obtaining consent where required. We process such data only on the Client’s documented instructions and do not use Client website visitor data for our own purposes.

11.2 Data We Store for Hosting Clients

Website files and content; CMS data (WordPress databases, posts, media, plugins, themes, internal user accounts); form submissions; e-commerce data (orders, customer records, products); server and access logs; and backups (30 days rolling unless longer agreed).

11.3 How We Use Hosting Data

Only to: operate, maintain, and secure the Client’s website; perform backups and disaster recovery; apply security patches and updates; provide technical support; and comply with legal obligations. We do not access, analyze, sell, or share Client website data for marketing, advertising, analytics, or any unrelated purpose.

11.4 Data Processing Agreement (DPA)

Hosting Clients who collect personal data from individuals in the EEA, UK, Switzerland, or comparable jurisdictions may require a DPA pursuant to GDPR Article 28 or equivalent. We enter into a DPA upon written request, at no additional cost. Our DPA covers the full Article 28 structure: subject matter and duration; nature and purpose of processing; data categories; data subject categories; controller instructions; confidentiality; security measures; subprocessor approval; breach assistance; DSAR assistance; return/deletion on termination; and audit/compliance evidence. To request a DPA: [email protected].

11.5 Subprocessors

Upstream hosting infrastructure provider (U.S.); CDN where applicable; email delivery services for forwarding form submissions; third-party backup providers where applicable. A current subprocessor list is provided to Hosting Clients on request, and we notify Clients of material changes per the Hosting Services Agreement.

11.6 Termination of Hosting Services

Upon termination we provide a reasonable grace period (minimum 30 days) to export data; provide a full backup on written request; securely delete Client hosting data from active systems within 60 days following termination; and retain backups no longer than the standard 30-day rolling period. Billing/invoice metadata is retained per Section 4.

11.7 Security of Hosting Data

Industry-standard measures (SSL/TLS in transit, access controls, security updates, firewall, monitoring). The Client remains responsible for application-level security except where our services explicitly include managed security.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last Updated” date indicates the latest changes. For material changes, we will notify you by email or a prominent notice. Continued use after changes constitutes acceptance.

13. Contact Us

Polish Pages, Inc.
Attn: Privacy Officer
209-34 Northern Blvd, #1100
Bayside, NY 11361, USA
Email: [email protected]
Phone: 212-929-6933