PrivacyPolicy
We handle your data with the same precision we apply to deep tech ventures.
Introduction
This Privacy Policy explains in detail how H1 Spółka z ograniczoną odpowiedzialnością, operating as HORAIZON Labs (“we”, “us”, or “our”), collects, uses, stores, and protects your personal data when you visit horaizonlabs.com, interact with our content, or contact us.
We are committed to protecting your privacy and handling your data in a transparent, lawful, and responsible manner — in full compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Polish data protection law, including the Act of 10 May 2018 on the Protection of Personal Data.
Please read this policy carefully before using our website or submitting any personal data to us.
Data Controller
A data controller is the entity that determines the purposes and means of processing personal data. For all data processing activities described in this policy, the data controller is:
H1 Spółka z ograniczoną odpowiedzialnością
KRS: 0001144670 · NIP: 2220930653 · REGON: 540428292
Marszałkowska 58/15, 00-545 Warszawa, Poland
Contact: hello@horaizonlabs.com
Data We Collect
A — Data You Provide Directly
- Contact form: Full name, email address, message content, and optionally company name or phone number.
- Email correspondence: Any personal data contained in emails you send directly to us.
We do not intentionally collect special categories of personal data (health, religion, political opinions, biometric data, sexual orientation). Please refrain from including such data in communications.
B — Data Collected Automatically
- IP address (may be anonymized), browser type and version, operating system, device type
- Screen resolution, referring URL, pages visited, navigation paths
- Time and duration of visits, click and scroll patterns
C — Hotjar Behavioral Analytics
We use Hotjar (Hotjar Ltd., Level 2, St Julian's Business Centre, Malta — EU) to understand how visitors interact with our website through heatmaps and session recordings.
- Mouse movement paths and cursor positions
- Scrolling depth, click and tap locations
- Keypress patterns — excluding passwords and sensitive fields (auto-masked)
- Session recordings: screen video replay of your browsing interaction
- Heatmaps: aggregated visual interaction data across all visitors
- Device type, browser, OS, and session duration
Opt-out: hotjar.com/legal/compliance/opt-out
Hotjar Privacy Policy: hotjar.com/legal/policies/privacy
Hotjar is certified under the EU-US Data Privacy Framework.
D — Cookies
- Session cookies — necessary for basic website functionality
- Hotjar cookies —
_hjSession,_hjSessionUser,_hjAbsoluteSessionInProgress
We do not use advertising cookies, retargeting pixels, Facebook Pixel, or Google Ads tracking.
Managing cookies by browser:
- Chrome: Settings → Privacy and security → Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Manage Website Data
- Edge: Settings → Cookies and site permissions → Cookies and site data
Data Flow Overview
You
Contact Form
horaizonlabs.com
HORAIZON Labs
Warsaw, PL
You
Hotjar Script
client-side
Hotjar Servers
Malta, EU
You
Server Logs
nginx / infra
Hosting (EU)
infrastructure
Legal Basis for Processing
- Art. 6(1)(b) — Contract performance: When you contact us to discuss collaboration, partnership, or service engagement, processing your contact data is necessary to take steps at your request prior to entering into any agreement.
- Art. 6(1)(f) — Legitimate interests: We rely on this basis for Hotjar analytics, server log processing, website security, and performance monitoring. We have conducted a legitimate interest balancing test and concluded our interests are not overridden by your fundamental rights, given the limited nature and privacy protections in place. You retain the right to object (see Section 09).
- Art. 6(1)(a) — Consent: Where we rely on consent for any future communications, we will explicitly request it and provide a clear mechanism to withdraw it at any time without detriment.
How We Use Your Data
- Responding to your inquiries, messages, and contact form submissions
- Evaluating and following up on potential collaboration, partnership, or investment opportunities
- Improving website usability, navigation, and content based on behavioral analytics
- Ensuring website security, detecting fraud, and preventing unauthorized access
- Maintaining server performance and diagnosing technical issues
- Complying with our legal and regulatory obligations
- Internal record-keeping and business administration
We do NOT:
- Sell, rent, or trade your personal data to any third party
- Share your data with advertisers or advertising networks
- Use your data for automated decision-making with legal effects
- Build behavioral advertising profiles based on your browsing
- Send unsolicited marketing communications without explicit consent
We do not sell, rent, or share your personal data for third parties' own commercial purposes. Data is shared only in the following limited circumstances:
- Hotjar Ltd (Malta, EU) — as a data processor for behavioral analytics, bound by a Data Processing Agreement under GDPR Art. 28.
- Hosting and infrastructure providers — operating within the EU/EEA and bound by contractual data protection obligations.
- Legal and professional advisors — where necessary for legal advice, audit, or compliance purposes, subject to professional confidentiality.
- Regulatory or law enforcement authorities — where legally required by applicable law, court order, or binding regulatory authority request.
| Provider | Purpose | Location | Data Shared | Policy |
|---|---|---|---|---|
| Hotjar Ltd. | Behavioral analytics | Malta, EU | Mouse, scroll, clicks, session recordings | View |
| Hosting provider | Website infrastructure | EU / EEA | Server logs, IP address, request data | N/A |
| Email (SMTP) | Contact form delivery | EU / EEA | Name, email, message content | N/A |
International Data Transfers
Hotjar Ltd. is incorporated and operates within the European Union (Malta). Data collected by Hotjar is primarily processed within the EEA. Where any transfer outside the EEA occurs, appropriate safeguards are ensured under GDPR Chapter V, including:
- Adequacy decisions issued by the European Commission
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Certification under the EU-US Data Privacy Framework
Your contact form data and email correspondence are not transferred outside the EEA in the ordinary course of our operations.
Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected, or as required by applicable law:
Contact Form Data
Max 2 years
From date of last contact
Hotjar Analytics
~1 year
Per Hotjar retention policy
Server Logs
Up to 12 months
Security & performance
Upon expiry of the applicable retention period, personal data is securely deleted or irreversibly anonymized.
Your Rights Under GDPR
As a data subject, you have the following rights under the GDPR. We are committed to facilitating their exercise promptly and without undue delay.
Access
Request a full copy of all data we hold about you.
Art. 15
Rectification
Correct inaccurate or incomplete personal data.
Art. 16
Erasure
Request deletion of your data where lawfully applicable.
Art. 17
Restriction
Limit processing while accuracy or grounds are contested.
Art. 18
Portability
Receive your data in a structured, machine-readable format.
Art. 20
Object
Object to processing based on our legitimate interests.
Art. 21
No Auto-Profiling
We do not use automated decision-making with legal effects.
Art. 22
How to exercise your rights:
Email hello@horaizonlabs.com. We will verify your identity and respond within 30 calendar days. In complex cases this may be extended by two months, with prior notice.
Right to lodge a complaint — UODO
If you believe we have not handled your data lawfully, you may lodge a complaint with the Polish data protection authority: Urząd Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warszawa · uodo.gov.pl
Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, accidental loss, destruction, alteration, or disclosure:
- Encryption of data in transit via HTTPS/TLS protocols
- Access controls limiting who can access personal data internally
- Use of reputable third-party processors with established security practices
- Regular review of our security measures and data processing practices
- Incident response procedures to address potential data breaches
In the event of a personal data breach likely to result in risk to your rights, we will notify the competent supervisory authority within 72 hours and inform affected individuals without undue delay where required by law.
No method of transmission over the internet is 100% secure. If you suspect a breach, contact us immediately at hello@horaizonlabs.com.
Children's Privacy
Our website and services are not directed at, and are not intended for use by, children under the age of 16. We do not knowingly collect personal data from minors.
If we become aware that we have inadvertently collected personal data from a child under 16, we will take immediate steps to delete that data. Please contact us at hello@horaizonlabs.com if you believe this has occurred.
Links to External Websites
Our website may contain links to third-party websites including partner organizations, portfolio companies, or reference materials. These links are provided for convenience only.
We are not responsible for the privacy practices, content, or security of any third-party websites. We encourage you to review the privacy policy of any external site you visit. The inclusion of a link does not constitute endorsement of the third party's privacy practices.
Changes to This Policy
We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our data processing practices, applicable law, or regulatory requirements. The “Last Updated” date at the top of this page will be revised accordingly.
Where changes are material, we will make reasonable efforts to communicate them — for example by posting a notice on the homepage. Continued use of our website following any changes constitutes acceptance of the updated policy.
Contact Us
For any questions, requests, or concerns relating to this Privacy Policy or our data processing practices, please contact us. We aim to respond to all data subject requests within 30 calendar days.
Questions about your data?
Get in touch with us
We'll respond within 30 days for data subject requests, and within 5 business days for general inquiries.
hello@horaizonlabs.com© 2026 H1 Sp. z o.o. All rights reserved.
Back to homepage