Privacy Policy
Last updated: 6 May 2026
PRIVACY POLICY
§ 1. Joint Controllers of Personal Data
The joint controllers of your personal data are six Polish limited liability companies operating as MTA Group. Zero Fluff Digital sp. z o.o. is the primary contracting entity for services purchased through pay.zerofluff.digital and the operational lead for data protection matters.
Zero Fluff Digital sp. z o.o.
Primary contracting entityAddress: ul. Świętego Marcina 29/8, 61-806 Poznań
Court: District Court Poznań – Nowe Miasto i Wilda, 8th Commercial Division
KRS: 0001174081
NIP: 7831930082
REGON: 541841870
Share Capital: PLN 5,000.00 (fully paid)
Representative: Radosław Kmita – Member of the Management Board
View other 5 Joint Controllers (MTA Group entities)▼
MTA Digital sp. z o.o.
Address: ul. Świętego Marcina 29/8, 61-806 Poznań
Court: District Court Poznań – Nowe Miasto i Wilda, 8th Commercial Division
KRS: 0000561985
NIP: 7831727441
REGON: 361723055
Share Capital: PLN 5,000.00 (fully paid)
Representative: Jakub Krystkowiak – President of the Management Board
MTA Performance sp. z o.o.
Address: ul. Świętego Marcina 29/8, 61-806 Poznań
Court: District Court Poznań – Nowe Miasto i Wilda, 8th Commercial Division
KRS: 0000784788
NIP: 7010922437
REGON: 383274210
Share Capital: PLN 5,000.00 (fully paid)
Representative: Mateusz Mikołajczyk – President of the Management Board
Anchor.Team sp. z o.o.
Address: ul. Świętego Marcina 29/8, 61-806 Poznań
Court: District Court Poznań – Nowe Miasto i Wilda, 8th Commercial Division
KRS: 0000969275
NIP: 7831856345
REGON: 521897892
Share Capital: PLN 5,000.00 (fully paid)
Representative: Wiktor Jacheć – President of the Management Board
Force of Nature Europe sp. z o.o.
Address: ul. Świętego Marcina 29/8, 61-806 Poznań
Court: District Court Poznań – Nowe Miasto i Wilda, 8th Commercial Division
KRS: 0001050399
NIP: 7831885358
REGON: 525999520
Share Capital: PLN 5,000.00 (fully paid)
Representative: Jacek Matuszewski – Member of the Management Board
SharkPress Agency sp. z o.o.
Address: ul. Świętego Marcina 29/8, 61-806 Poznań
Court: District Court Poznań – Nowe Miasto i Wilda, 8th Commercial Division
KRS: 0001181847
NIP: 7831932253
REGON: 542142080
Share Capital: PLN 5,000.00 (fully paid)
Representative: Wiktor Jacheć – President of the Management Board
Data Protection Contact
The Joint Controllers have appointed Mateusz Mikołajczyk as the contact person for personal data protection, who can be contacted via:
Email: [email protected]
Mail: Mateusz Mikołajczyk, ul. Świętego Marcina 29/8, 61-806 Poznań
In-Person: MTA Digital sp. z o.o. at ul. Bolesława Prusa 6/3, 60-819 Poznań
§ 1a. Essence of the Joint Controllership Arrangement (Art. 26(2) GDPR)
In accordance with Article 26(2) GDPR, this section sets out, in summary form, the essence of the Joint Controllership Arrangement concluded between the six Joint Controllers identified in §1.
- Equal joint controllership. All six Joint Controllers are joint controllers on equal terms; there is no master-controller, lead-controller or sub-controller hierarchy. Each Party remains directly responsible to data subjects and to PUODO under the GDPR.
- Single Point of Contact. The address [email protected] is designated as the Single Point of Contact for all data subject communications and supervisory authority enquiries. It is monitored by Zero Fluff Digital sp. z o.o. on behalf of all Parties.
- Operational lead — data subject rights & Privacy Policy. Zero Fluff Digital sp. z o.o. coordinates responses to requests under Articles 15-22 GDPR (access, rectification, erasure, restriction, portability, objection, automated decision-making) and maintains this Privacy Policy.
- Operational lead — personal data breach response. Mateusz Mikołajczyk is designated as the operational lead for incident response under Articles 33 and 34 GDPR.
- Right to exercise rights against any Party (Art. 26(3) GDPR). Notwithstanding the above operational allocations, you may exercise your GDPR rights against any one of the six Joint Controllers; no Party may decline to handle a request on the ground that another Party is the operational lead.
- Joint and several liability (Art. 82(4) GDPR). The Joint Controllers are jointly and severally liable to data subjects for the entire damage caused by joint processing, in order to ensure effective compensation.
A full copy of the Joint Controllership Arrangement is available to data subjects on reasoned request submitted to [email protected].
§ 2. Data Processing Overview
We obtain personal data directly from you when you conclude contracts, use our services, or contact us via forms. For maximum transparency, we've grouped data processing by purpose:
Service Delivery
Contract performance and service provision
Business Operations
Day-to-day activities and contractor cooperation
Communication
Contact forms and customer interactions
Website Analytics
Usage statistics and performance optimization
Legal Compliance
Accounting, claims, and regulatory requirements
Marketing
Newsletter delivery and social media management
| Purpose of personal data processing | Legal basis for the processing of personal data | Period of storage of personal data | Scope of personal data processed |
|---|---|---|---|
| Conclusion and performance of a contract for the provision of marketing/promotional/search engine optimization (SEO)/lead generation services/website development | The processing of your personal data is necessary for the performance of the contract for the provision of services to you. The legal basis for the processing of personal data is Article 6(1)(b) of the GDPR, i.e., processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. | We will process your personal data for the duration of the provision of services to you. We will process the data until the expiry of claims under the concluded service agreement at the latest. | Email address, first name, last name, street, house or apartment number, country, telephone number, bank account number, transaction amount, bank name. If the Customer is an entrepreneur, the following data is processed: company name, tax identification number, street, house or apartment number, country, telephone number. If the first and last name of the person placing the order on behalf of the Contractor is provided, this data is also processed. |
| Conducting day-to-day business activities, including cooperation with contractors who supply the Joint Controllers with products and services necessary for the Joint Controller's daily operations | The legal basis for the processing of personal data is Article 6(1)(b) of the GDPR, i.e. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract | Personal data will be processed for the duration of the business relationship or, alternatively, until the expiry of any claims arising therefrom | first and last name, company name, tax identification number, address, telephone number, email address |
| Contact with customers via the contact form available at https://mta.digital/pl/kontakt/ and https://www.anchor.team/contact | We process your personal data on the basis of your consent, i.e. pursuant to Article 6(1)(a) of the GDPR. The processing of your personal data is necessary in order to respond to your question asked via the contact form. The legal basis for the processing of personal data is Article 6(1)(b) of the GDPR, i.e. the need to take action at the request of the data subject prior to entering into a contract, or Article 6(1)(f) of the GDPR, i.e. the legitimate interest of the Joint Controllers in responding to potential customers. | We will process your personal data until you withdraw your consent. Subsequent withdrawal of consent does not affect the lawfulness of the processing of personal data from the period prior to its withdrawal. | First name, last name, email address |
| Statistics on the use of individual functionalities of the website https://mta.digital/pl/, https://www.anchor.team/pl and other Joint Controllers | Our legitimate interest in facilitating the use of services provided electronically and improving the functionality of these services. The legal basis for the processing of personal data in this case is Article 6(1)(f) of the GDPR, i.e., the legitimate interest of the Joint Controllers. | We will process your personal data for the duration of the storage of cookies, but no longer than for a period of 50 months. | For these purposes, we process personal data relating to your activity, such as: behavioral data on how individual users use the Joint Controllers' website and their preferences in this regard, the amount of time spent on the Joint Controllers' website; the number of visits to specific URLs (subpages) from specific phrases or media channels, data on the location of devices used by users to view websites belonging to the Joint Controllers, age, gender, other data about user activity on websites belonging to the Joint Controllers and on related websites, e.g., comments and reviews posted, activity on social networks, email address, IP address, other user identifiers, e.g., login, first and last name, mailing address, phone number, company name, tax identification number. |
| Establishing, pursuing, and enforcing claims. Internal accounting | Our legitimate interest in establishing, pursuing, and enforcing claims and defending against claims in proceedings before courts and other state authorities. The legal basis for the processing of personal data in this case is Article 6(1)(f) of the GDPR, i.e., the legitimate interest of the Joint Controllers. In addition, we process data on the basis of Article 6(1)(c) of the GDPR in conjunction with Article 74(2) of the Accounting Act in conjunction with Article 86 § 1 of the Tax Ordinance (i.e. due to the need to comply with legal obligations, e.g., accounting, bookkeeping, and tax obligations). | The data is processed for the period of limitation of claims resulting from the provisions of the Civil Code. All data processed for accounting and tax purposes is processed for a period of 5 years from the beginning of the year following the financial year in which the operations, transactions, and proceedings were finally completed, repaid, settled, or expired (i.e. in accordance with Article 74(2) of the Accounting Act of September 29, 1994 (i.e. Journal of Laws of 2023, item 120, as amended) in conjunction with Article 86 § 1 of the Tax Ordinance Act of August 29, 1997 - Tax Ordinance (i.e. Journal of Laws of 2025, item 111, as amended). | For this purpose, we may process certain personal data provided by you: first name, last name, company name, address, tax identification number (NIP), statistical identification number (REGON), PESEL number, accounting, financial data or data related to the claim (data related to the use of our services, if the claims result from the way you use our services, other data necessary to prove the existence of the claim, including the extent of the damage suffered). |
| Newsletter delivery | The legal basis for the processing of personal data for the purpose of sending the newsletter is the consent of the person to whom the newsletter is to be sent, expressed, for example, by ticking a checkbox. The legal basis for the processing of personal data in this case is Article 6(1)(a) of the GDPR, i.e., the consent of the data subject. | Personal data processed for the purpose of sending the newsletter is stored until the data subject withdraws their consent. Withdrawal of consent does not affect the lawfulness of the processing of personal data prior to its withdrawal. | In order to send the newsletter, we may process some of the personal data you provide: first name, last name, email address, image. |
| Maintaining social media accounts, including Facebook, Instagram, and LinkedIn | The legal basis for the processing of personal data is Article 6(1)(f) of the GDPR, i.e., the legitimate interest of the Joint Controllers in promoting the services offered by the Joint Controllers and undertaking other marketing activities. | Personal data is processed for the duration of a natural person's use of the websites made available by the Joint Controllers via Facebook, Instagram, and other social media. | The Joint Controllers process personal data made available by a natural person on social networking sites, most often including: first name, last name, nickname, image, etc. |
| Bookkeeping, accounting | The legal basis for the processing of personal data is: Article 6(1)(c) of the GDPR in conjunction with Article 74(2) of the Accounting Act in conjunction with Article 86 § 1 of the Act of August 29, 1997 - Tax Ordinance, i.e. the need to fulfill the legal obligation incumbent on Joint Controllers of Personal Data | The data is processed for the period of limitation of claims resulting from the provisions of the Civil Code. All data processed for accounting and tax purposes is processed for a period of 5 years from the beginning of the year following the financial year in which the operations, transactions, and proceedings were finally completed, repaid, settled, or expired (i.e. in accordance with Article 74(2) of the Accounting Act of September 29, 1994 (i.e. Journal of Laws of 2023, item 120, as amended) in conjunction with Article 86 § 1 of the Tax Ordinance Act of August 29, 1997 - Tax Ordinance (i.e. Journal of Laws of 2025, item 111, as amended). | Personal data such as first name, last name, company name, tax identification number, address, place of business, delivery address, bank account number. |
| IT services | The legal basis is Article 6(1)(f) of the GDPR, the legitimate interest of the Joint Controllers in ensuring the proper IT support for the services provided by the Joint Controllers. In addition, the Joint Controllers process personal data for IT services in connection with the recruitment and employment of Associates, as well as in connection with business cooperation with Contractors. | Personal data is processed for the duration of cookie storage. The Joint Controllers may process personal data for longer if this is necessary for the primary purpose of data processing (e.g., the Joint Controller processes personal data until the expiry of claims under the concluded contract). | Data resulting from cookies, as well as all other data that Co-administrators process in connection with IT services (e.g., data processed using e-mail), including in particular data of Customers, Contractors, and Job Candidates. |
| Implementation of the affiliate program | The legal basis is Article 6(1)(b) of the GDPR, i.e., the necessity to process personal data in order to ensure participation in the implementation of the partnership program, as well as Article 6(1)(f) of the GDPR, i.e., the legitimate interest of the Joint Controllers in increasing the number of Customers using their services. | Personal data is processed for the duration of the business relationship or until the expiry of any claims. | Data necessary to participate in the affiliate program, as specified in the form available at https://mta.digital/en/partners/, such as: e-mail address, company URL, interests, and data necessary to conclude the Agreement, such as first name, last name, registered office address, telephone number, company name, tax identification number, and details of the person representing the entity. |
| Maintaining a blog on the website at: https://mta.digital/pl/blog-2/ and at https://www.anchor.team/blog | Legal basis: Article 6(1)(f) of the GDPR, i.e., the legitimate interest of the Joint Controllers in promoting their own services | Personal data will be processed for the duration of the legitimate interest of the Joint Controllers of personal data or until an objection is raised | The blog run by the Joint Controllers of Personal Data may potentially process data such as: first name, last name, image. |
| Collecting customer opinions on the website at https://www.anchor.team/#Testimonials | Legal basis: Article 6(1)(f) of the GDPR, i.e., the legitimate interest of the Joint Controllers in surveying customer satisfaction with the quality of services provided | Personal data will be processed for the duration of the legitimate interest of the Joint Controllers of personal data or until an objection is raised | As part of the customer satisfaction survey on the quality of services provided, the following personal data is processed: first name, last name, company name |
| Conducting online conferences with potential customers | Legal basis: Article 6(1)(b) of the GDPR, i.e., the necessity to process personal data prior to entering into a contract, and Article 6(1)(f) of the GDPR, i.e., the legitimate interest of the Joint Controllers in enabling them to contact Customers as quickly as possible | Personal data will be processed for the duration of the business relationship or until any claims expire | As part of the processing of personal data related to the conduct of online conferences, the following personal data will be processed: first name, last name, email address, and other data required by the Calendly application used by the Joint Controllers of Personal Data |
| Maintaining a form enabling the resolution of problems encountered by Customers in the course of their business activities via the website at https://www.anchor.team/contact | Legal basis: Article 6(1)(f) of the GDPR, i.e., the legitimate interest of the Joint Controllers in resolving Customer problems related to their business activities, and Article 6(1)(b) of the GDPR, i.e., the necessity to process personal data in order to take steps prior to entering into a contract | Personal data will be processed for the duration of the business relationship or until any claims expire. | As part of the processing of personal data related to the operation of the form used to resolve problems encountered by Customers in the course of their business activities, the following personal data will be processed: first name, last name, e-mail address, telephone number, website address (if it contains personal data). |
§ 3. Data sharing
The administrator ensures that all personal data collected is used to fulfill obligations towards users. This information will not be disclosed to third parties, except in situations where:
- the data subjects have given their prior explicit consent to such action, or
- the obligation to transfer this data results or will result from applicable law, e.g., to law enforcement authorities.
Recipients of Personal Data
In addition, the personal data of service users and customers may be transferred to the following recipients or categories of recipients:
Service Providers
Companies supplying technical, IT, and organizational solutions enabling business activities, including website and electronic services (computer software providers, e-mail and hosting providers, management software providers).
Examples: Google LLC, Google Ireland Limited, Autenti sp. z o.o., Asana Inc., Web INnovative Software sp. z o.o., Home.pl S.A., OVH sp. z o.o., Notion Labs Inc., ZIELINAMEDIA sp. z o.o., Loom Inc., Pipedrive Inc., Mango Technologies Inc.
Accounting, Legal, and Consulting Service Providers
Companies providing accounting, legal, or consulting support (accounting office, law firm, debt collection company).
Examples: MSRR Szymańska sp. z o.o. sp.k. and Krafton Accounting XON sp. z o.o. sp.k.
Transport and Product Delivery Services (Couriers)
Service providers used to identify the recipient of orders and deliver products.
International Data Transfers
The Administrator may share anonymized data with external service providers to better recognize the attractiveness of advertisements and services to users. Data may be transferred to third countries that ensure adequate protection through standard contractual clauses or other legal mechanisms.
Google LLC Services
Google Analytics for website statistics, Google Tag Manager for script management, Google Ads for sponsored links, Google Workspace for website editing and coordination.
Meta Platforms, Inc.
Facebook pixel for tracking conversions, optimizing ads, and building targeted audience lists.
Google Analytics Opt-out: Visit www.google.com/policies/privacy/partners for more information or download the opt-out plugin at http://tools.google.com/dlpage/gaoptout
Data Security Measures
The Administrator takes all necessary measures to ensure appropriate security of personal data processing.
- Subcontractors and cooperating entities must guarantee appropriate security measures
- Data sharing only with entities meeting GDPR Articles 46 or 49 requirements
- EU standard contractual clauses and other safeguards for transfers outside the EEA
- Continuous assessment of legal systems in data recipient countries
- Compliance with EU-US Data Privacy Framework for US data transfers
§ 4. User rights
A User whose personal data is being processed has the right to:
Access & Control
Request access to personal data, rectification, erasure ("right to be forgotten"), restriction of processing, objection to processing, and data transfer rights.
Based on Articles 15-21 of the GDPR
Consent Management
Withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Based on Article 6(1)(a) or Article 9(2)(a) of the GDPR
Supervisory Authority
Lodge a complaint with the supervisory authority (President of the Personal Data Protection Office in Warsaw) regarding data processing violations.
Objection Rights
Object to processing based on public interest, legitimate interests, or direct marketing purposes, including profiling.
How to exercise your rights: Send your request to [email protected]
§ 5. Right to lodge a complaint with a supervisory authority
If the processing of personal data violates the law, you have the right to lodge a complaint with the supervisory authority regarding the processing of personal data by the Personal Data Administrator. Complaints may be submitted to the President of the Personal Data Protection Office (the Office of the President of the Personal Data Protection Office is located in Warsaw (00-014, at 1A Moniuszki Street)).
§ 6. Cookies
Cookies are IT data, in particular text files, stored on users' end devices (usually on a computer hard drive or mobile device) used by the user's browser to save specific settings and data for the purpose of using websites. These files allow the user's device to be recognized and the website to be displayed appropriately, ensuring comfort during its use. The storage of cookies therefore enables the website and its offer to be tailored to the user's preferences - the server recognizes and remembers, among other things, preferences such as visits, clicks, and previous actions.
Cookie Usage by Website
MTA Digital
Website: https://mta.digital/
- • 21 essential cookies
- • 3 cookies used to adapt the website to user preferences
- • 10 cookies used for statistical analysis, research, or audience auditing
- • 21 cookies used to serve advertisements
- • 1 unclassified cookie
Zero Fluff Digital sp. z o.o.
Website: https://zerofluff.digital/
- • 1 essential cookie
- • 6 analytical cookies
- • 3 cookies supporting advertisements
- • 1 performance cookie
- • 1 cookie of a different nature
No cookies are collected on: https://www.anchor.team/
Cookie Types and Purposes
By using the website available at https://mta.digital/ or https://zerofluff.digital/, you consent to the installation of so-called essential cookies on the end device of the person using the Website. Consent to the installation of necessary cookies is a prerequisite for using the Co-administrators' website. With regard to other categories of cookies, the user has the option of consenting to their use by the Co-administrators, which, however, is not a prerequisite for using the Co-administrators' website. With regard to cookies other than essential cookies, consent is given through the web browser settings. If the User does not agree to the use of cookies other than those that are necessary, they should change their browser settings accordingly or opt out of using the Website (more information below). However, this will not prevent the use of the Co-administrators' website.
The table below shows the types of cookies used by the websites https://mta.digital/ and https://zerofluff.digital/, along with additional information about the purpose of each cookie.
| Type of cookie | Characteristics |
|---|---|
| Session cookies | These cookies are used to process information that allows the user's session to be maintained until the web browser is closed. In principle, session cookies do not collect personal data in a way that would allow direct identification of the user. Their main task is to store information about the current browsing session, such as the contents of the shopping cart in an online store or the login status. However, in certain situations, the information collected by cookies, in combination with other data, could potentially lead to the identification of a person. |
| Long live cookies | These cookies enable the personalization of services for Users – saving search criteria. Long-term cookies can potentially collect personal data. |
| Third-party cookies | These cookies are placed by third parties. In the case of our website, this is the provider of the Cookiebot tool. For more information on the processing of personal data by the Cookiebot tool, please visit https://www.cookiebot.com/en/privacy-policy/. Although cookies do not directly store your name, email address, or phone number, they can identify you through your IP address, device ID, or other unique identifiers. This data, combined with other information collected by cookies, can be used to create a user profile and track your activity on the web. |
| Type of cookie | Characteristics |
|---|---|
| Essential/Necessary cookies | Essential cookies contribute to the usability of the website by enabling basic functions such as website navigation and access to secure areas of the website. The website cannot function properly without these cookies. Essential cookies do not, as a rule, collect personal data in a way that would allow a specific person to be identified. Although they do not collect personal data, in some cases, when combined with other information, they can potentially contribute to the identification of the user. |
| Preference cookies | Preference cookies allow the website to remember information that changes the appearance or functionality of the website, such as the preferred language or region where the user is located. Preference cookies, such as those that remember language or display settings, may collect personal data. |
| Statistical/analytical cookies | Statistical cookies help website owners understand how different users behave on the website by collecting and reporting anonymous information. Cookies allow for counting visits to the websites of personal data co-controllers and traffic sources, counting the number of users, and thus measuring and statistically analyzing how users use the website. The above-mentioned cookies may potentially collect personal data in the form of so-called behavioral data, i.e., data on how the website is used, which may be considered personal data. |
| Marketing/Advertising cookies | Marketing cookies are used to track users on websites. The aim is to display advertisements that are relevant and interesting to individual users and thus more valuable to third-party publishers and advertisers. These files collect information about user behavior obtained while browsing the website in order to display advertisements related to the user's browsing profile. These cookies may collect information about location, preferences, browsing history, and user behavior, which may also be considered personal data. |
| Unclassified cookies | Unclassified cookies are cookies that are in the process of being classified, along with the providers of individual cookies. |
Cookie Declaration
The following table lists all cookies used on this website:
Cookie Information and Usage
The information stored in cookies on websites is used by the Joint Controllers, with the exception of files specified as "third-party cookies." Third-party cookies are cookies used and managed by external entities to provide services required by us to improve our services and the User's experience when browsing our website. The main services for which third-party cookies are used are obtaining access statistics.
As part of cookie technology, Co-controllers may use tracking pixels or clear GIF files to collect information about how you use their services and your response to marketing messages sent by email.
Co-administrators may use web log files (which contain technical data such as the user's IP address) to monitor traffic within their services, resolve technical problems, detect and prevent fraud, and enforce the provisions of the User Agreement.
The controller does not use any cross-site tracking technologies, and the personal data collected about each user is not sold or shared for the purpose of advertising based on the collection of multi-contextual behavior from different websites.
The Administrator informs that the website does not respond to DNT (Do Not Track) signals, but the user can disable certain forms of online tracking, including some analytics and personalized advertising, by changing the cookie settings in their browser or using our cookie consent tools (if applicable).
Detailed information on changing cookie settings and deleting cookies yourself in the most popular web browsers is available in the help section of your web browser and on the following pages (just click on the link):
Detailed information on managing cookies on your cell phone or other mobile device should be available in the user manual for that mobile device.
Last Updated: 6 May 2026