Terms & Policies
Privacy & Cookie policy
We are committed to protecting your personal data and ensuring transparency in how we process it. Please read our fundingbox.com Website Privacy policy to find out how we collect and treat your personal data.
The data controllers are all entities in the FundingBox capital group as the Joint Controllers. All FundingBox entities have agreed on common data processing purposes.
In all matters regarding personal data, you can contact us using the following email address: privacy@fundingbox.com.
The essence of the arrangement is available here.
All terms should be understood in accordance with the Website Terms of Use available at: fundingbox.com/trust/terms/.
- Purposes, legal basis and retention of data processing
Purpose of processing and legitimate interests | Legal basis for processing | Retention period |
| The legitimate interest of the data controller | 1 year from the last visit to the Website. |
| For the period of maintaining ongoing relationships (e.g. answering questions, presenting offers, exchanging correspondence), and after the termination of the relationship for a period of one year. | |
| Until the limitation period for claims expires. | |
| Obligation under the GDPR to provide the data subject with information | 5 years from the date of completion of responding to the request. |
| Consent | Until consent withdrawal. |
If you subscribe to this newsletter and are also a registered user of one of our platforms, including the OnePass platform, the legal basis for the processing of your personal data will be the legitimate interest of the data controller | Until an effective objection is raised or until the potential claims expire. | |
| Consent | Until consent withdrawal. |
- Who has access to personal data?
Joint Controllers will transfer personal data only to trusted recipients such as marketing and event agencies, IT service providers, accountants, law firms, postal and courier companies (who process personal data on the controllers’ behalf).
Due to the fact that we use the services of Google LLC and HubSpot, Inc., your data may be transferred to the USA. We have concluded an agreements with them – the so-called Standard Contractual Clauses. This means that in accordance with the decision of the European Commission No. 2021/914 EU of June 4, 2021, your personal data may be processed by this company in the USA. More information about the decision at:
https://fundingbox.com/trust/transfer-outside-eea/.
Your data can be shared with our business partners, in particular if you agree to realisation of purpose number 6 above.
- External links
The Website contains links leading to sites external to the Website. Some of them are not managed by the Controller. These websites may have their own privacy policies and regulations, which we recommend that you read.
- What rights do you have regarding the processing of your personal data?
Due to the fact that we process your personal data, you have the right to:
- request access to your personal data,
- data portability,
- demand the rectification of their personal data,
- request to remove or limit the processing of your personal data,
- complain with the supervisory authority
(https://edpb.europa.eu/about-edpb/about-edpb/members_en), - consent withdrawal.
Withdrawal of consent does not affect the lawfulness of the processing carried out on its basis before its withdrawal.
You also have a right to object to processing of your personal data for all purposes indicated above (according to the Article 21 of GDPR).
- How can you notify us of your desire to exercise your rights?
You can exercise your rights in person at the Controller’s office, by post or e-mail (the Controller’s contact details are provided at the beginning).
In response to your request, you may be asked to provide data necessary to identify your personal data (including finding them) or verify your identity (confirming that you are the person you claim to be).
- Where does the Controller obtain data?
As a rule, the Controller obtains data directly from you. If we obtain data from another source, you will be informed separately and clearly.
- Is providing data voluntary?
Providing data is generally voluntary. Whenever data is provided:
- voluntary, but necessary to achieve specific purposes (e.g. receive newsletter) or
- obligatory (e.g. it will result from legal provisions)
you will be informed about this separately and clearly (e.g. within the form through which personal data will be collected).
- Cookies policy
- General information
Cookies are small text files that are placed on your device by websites you visit. They are commonly used to make websites work or be more efficient, as well as to provide information to website owners.
- For what purpose does the Controller use cookies?
We use two types of cookies:
- necessary cookies are essential for the basic functioning of the Website. They enable core features such as security, network management, and accessibility. Without these cookies, the Website cannot perform properly,
- optional cookies, are used to enhance your experience. They help us understand how you interact with the Website, allowing us to improve our services and personalize your experience. You can choose to enable or disable these cookies at any time.
Our use of essential cookies – unlike optional cookies – does not require your consent.
Taking into account the purpose of using files, the Controller may use three categories of cookies:
- functional cookies – these cookies are set by us to implement additional functionalities or improve the functionality and performance of the website, but they are not directly related to the requested service,
- analytical cookies – used to collect data about how users interact with a website, helping to improve performance and user experience by tracking metrics like page views and session duration,
- marketing cookies – designed to track users across websites, enabling personalized advertising and targeted marketing based on user behavior and preferences.
The indicated data is not combined with information such as name and surname, e-mail address and other data enabling easy identification of the person visiting the website.
- What cookies do we process?
Cookie name | Provider | First/Third Party | Purpose | Retention |
Necessary cookies | ||||
cookielawinfo-checkbox-* | Cookie Law Plugin | First-party | Stores consent for individual cookie categories. | 1 year |
viewed_cookie_policy | Cookie Law Plugin | First-party | Stores information that the user has viewed the cookie policy. | 1 year |
cmplz_preferences | Complianz | First-party | Stores user preferences regarding cookies. | 1 year |
Functional cookies | ||||
hs_ab_test | HubSpot | First-party | Stores results of A/B tests. | Session |
WP_PREFERENCES_USER_* | WordPress | First-party | Stores user preferences in WordPress-based services . | 1 year |
wpEmojiSettingsSupports | WordPress | First-party | Emoji support settings in WordPress. | Session |
wordpress_test_cookie | WordPress | First-party | Checks if the browser accepts cookies . | Session |
wfwaf-authcookie* | Wordfence | First-party | User authorization for Wordfence security . | 12 hours |
wordpress_logged_in_* | WordPress | First-party | User authentication and session maintenance. | Session |
activetab | website | First-party | used to store information about the currently open tab on a website. This ensures that when a user refreshes the page or navigates to other sections, they are brought back to the same tab they were viewing, improving user experience and navigation continuity. | Session |
SERVERID* | website | First-party | Load balancing on servers. | Session |
Google Fonts API | Third-party | Loads fonts from Google. | 1 year | |
cmplz_functional | Complianz | First-party | Stores consent for functional cookies. | 1 year |
wp-settings-time-* | WordPress | First-party | This cookie is used to store the time at which the WordPress settings for the user were set or updated. It helps to ensure that the user’s preferences are applied correctly during future sessions. | 1 year |
wp-settings-* | WordPress | First-party | This cookie stores user-specific settings for the WordPress admin interface, ensuring that preferences like dashboard layout and editing preferences are saved. It helps maintain a personalized user experience by keeping these settings consistent across sessions. | 1 year |
*_key | HubSpot | First-party | This cookie is used for securing user sessions by storing tokens or keys that authenticate the user. It helps prevent unauthorized access by verifying that the user is indeed who they claim to be. | 2 weeks |
Analytical cookies | ||||
__hstc | HubSpot | First-party | Visitor tracking. | 13 months |
__hssc | HubSpot | First-party | Session tracking. | 30 minutes |
cmplz_statistics | Complianz | First-party | Stores consent for statistical cookies. | 1 year |
__hs_do_not_track | HubSpot | First-party | Opt-out of tracking by HubSpot. | 6 months |
__hs_cookie_cat_pref | HubSpot | First-party | Stores cookie category preferences. | 6 months |
hs-messages-is-open | HubSpot | First-party | Tracks if the chat window is open. | Session |
debug | website | First-party | This cookie is used to collect data for debugging purposes, enabling developers to identify and fix errors in the application. It helps ensure smooth functionality by logging potential issues and providing information for troubleshooting. | 100 days |
loglevel | website | First-party | This cookie stores the current log level for an application, which determines the amount of diagnostic information to record. It helps developers maintain control over logging during debugging processes, ensuring they capture the right level of detail. | 1 year |
_cltk | Microsoft Clarity | First-party | This cookie is used by Microsoft Clarity to store an anonymous user identifier, helping track user behavior on a website without storing personal data. It assists in analyzing user interactions for improving website performance and design. | 1 year |
_clck | Microsoft Clarity | First-party | This cookie is used by Microsoft Clarity to retain a unique user identifier across different sessions, enabling consistent tracking of user activity. It helps in understanding repeat user behavior and optimizing the user experience. | 1 year |
_clsk | Microsoft Clarity | First-party | This cookie is used by Microsoft Clarity to record a unique session identifier, which helps track the activities within a single browsing session. It provides detailed insights into user behavior during a specific visit to a website. | 1 day |
Marketing cookies | ||||
GPS | YouTube | Third-party | Tracks user’s location. | 30 minutes |
VISITOR_INFO1_LIVE | YouTube | Third-party | Stores YouTube settings and preferences. | 6 months |
YSC | YouTube | Third-party | Tracks user session watching YouTube videos. | Session |
PREF | YouTube | Third-party | Stores preferences for video playback on YouTube. | 8 months |
cmplz_marketing | Complianz | First-party | Stores consent for marketing cookies. | 1 year |
__hsmem | HubSpot | First-party | Identifies members for marketing purposes. | 1 year |
messagesUtk | HubSpot | First-party | Identifies users for live chat and marketing. | 13 months |
- Controlling and deleting cookies
Most browsers offer the ability to accept or reject all cookies. The user can manage the saving of cookies in the browser settings.
However, please remember that blocking all cookies may cause difficulties in the operation of the Website or completely prevent the use of some of its functionalities.
Managing and deleting cookies varies depending on the browser you use. Detailed information on how to manage cookies can be obtained by using the Help function in your browser or by visiting the website https://allaboutcookies.org/, which explains how to control and delete cookies in most browsers.
You can also read information about cookie management directly on the websites of individual web browsers:
- Operational data
Even if cookies are not installed, the website Controller may gain access to data describing how the Website is used (“operational data”), in particular:
- the IP address assigned to your device or the external IP address of your Internet provider,
- domain name,
- browser type,
- access time,
- type of operating system.
To maintain the highest quality of our Website, we occasionally review log files to see which pages are visited most frequently. We might also gather navigational data, such as the links and references you click on and other activities you perform on the Website. This helps us understand how to make our services better and more user-friendly. The legal basis for this is our legitimate interest (Article 6.1(f) of the GDPR) in enhancing the usability and functionality of our online services.
- Personal data protection
In certain exceptional situations, information obtained through cookies and operational data may be considered personal data under the GDPR. If this information is classified as personal data, FundingBox will act as the personal data controller. Even if there is uncertainty about whether a specific category of information qualifies as personal data, the Controller will protect this information as if it were personal data.
Processing the above categories of data, as necessary for the proper display of the Website (necessary cookies), is based on the legitimate interest of the Website Controller (Article 6.1(f) of the GDPR). For this purpose, we may occasionally analyze log files to:
- Determine which browsers are used by visitors to the Website,
- Identify the most and least frequently visited tabs or subpages,
- Ensure the Website is free from errors,
- Stop the distribution of malicious codes,
- Interrupt denial-of-service attacks.
You have the right to object to the processing of your personal data as described above.
Recipients of this data may include entities providing IT services to the Controller.
- Deleting operational data and data obtained through the cookie mechanism
The retention period of cookies, i.e. the period after which these files will be deleted, has been specified in point 8.3 above.
If we obtain your personal data as part of the services described above, they will be deleted or anonymized no later than after the expiry of the limitation period for potential claims related to the use of the Website or earlier if you submit an effective objection.