Privacy Policy
Privacy Policy
MAN DIGITAL spółka z o.o. is a company providing revenue operations, CRM administration, HubSpot implementation and optimisation, marketing operations, campaign support, reporting, integrations, automation, AI-enabled operations, training and advisory services ('Service'), doing business as 'Man Digital.'
We care about your personal data you entrust with us. Demonstrating Man Digital’s engagement in personal data protection, we are bringing you the key facts about how we handle personal data processing.
We are GDPR compliant
GDPR is the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
1. Data Controller and contact
MAN DIGITAL spółka z o.o. based in Krakow, ul. Przemysłowa 12, 30-701 Krakow, taxpayer's id. no. NIP: 6793122378, business registry id. no. REGON: 363690740, entered in the National Court Register under entry number: KRS 0000601189 is the data controller of the personal data described in this Privacy Policy and acts as a processor for personal data processed on behalf of its Clients.
You can reach out to us in any question regarding privacy at hello@man.digital.
2. What do we do
We provide revenue operations, CRM administration, HubSpot implementation and optimisation, marketing operations, sales and customer operations support, campaign and content support, reporting, integrations, automation, AI-enabled operations, training and advisory services for our Clients. In this work, we may process business contact data, customer and prospect records, CRM activity, engagement signals, website and form data, campaign data, reporting data and operational notes needed to deliver the Service.
In order to perform our Service, we process:
- (as a data controller) data about visitors to our website, including IP address, technical browser data and, if you contact us, your name, email address and message ('Visitor').
- (as a data controller) personal data of our Clients, referred to as ('You').
- (as a processor on Your behalf) personal data of Your potential and existing customers.
3. How do we collect personal data
Your personal data
Man Digital collects personal data such as name, business email address, phone number, job title, company details, company tax ID (NIP), billing details and correspondence during the process of entering into and performing a contract.
You may reach out by signing into our newsletter, signing into our webinars, or by leaving a message via our website through the contact form or chat. We always ask for your consent to send you marketing information regarding any of these channels.
Man Digital may reach out for new cooperation possibilities via email so relevant businesses can get in touch with Man Digital. Where required by the law of your country, we ask for your prior consent before sending commercial offers electronically; otherwise we rely on our legitimate interest as described under “Prospecting data”.
You can always object to processing or withdraw your consent by clicking “Unsubscribe” or writing to hello@man.digital.
Email tracking
With your consent, emails we send, including newsletters, marketing emails and one-to-one business emails, may contain a small invisible image (tracking pixel) and customised links provided by HubSpot. These technologies tell us whether you opened an email, which links you clicked, and when and on which device this happened. We use this information to measure the performance of our communications and to tailor relevant follow-up.
Email open and click tracking is based on your consent. You can refuse or withdraw this consent at any time without affecting your ability to receive service or transactional emails, by using the unsubscribe or manage-preferences link in our emails or by writing to hello@man.digital. If you disable automatic image loading in your email client, open tracking may not work. We may use limited email engagement data without consent only where strictly necessary for deliverability and list hygiene, for example to stop sending emails to inactive recipients.
Use of artificial intelligence
We use AI models and AI-assisted tools, including tools from providers such as Google, OpenAI, Anthropic and other proprietary or open-source providers, to support our internal processes and the Services we provide to Clients. This may include cleaning and deduplicating CRM data, enriching and qualifying business contact records, analysing engagement signals, summarising operational data, drafting and personalising communications, preparing reports, supporting automation and improving marketing, sales and customer operations workflows.
When personal data is processed in this way, we limit it to business contact, CRM, customer/prospect and engagement data needed for the relevant purpose. We use business-grade services under appropriate contractual terms or data processing agreements where available, and we configure those services so providers are not permitted to train their models on our data where the service gives us that control. We do not use AI to make decisions producing legal or similarly significant effects about you by solely automated means. AI-assisted communications and operational outputs are subject to human review where the result may affect a person, prospect, customer or Client relationship.
A current overview of the categories of service providers we use is available on our Third-Party Services page or on request at hello@man.digital.
Prospecting data (data we collect from other sources)
For our own business development, we collect and store limited professional contact data about individuals at companies that may benefit from our services, such as name, job title, employer, business contact details and publicly available professional profile information. B2B contact data is still personal data under GDPR, even when it relates to a person's professional role.
We obtain this data from publicly available professional sources, such as LinkedIn, and from licensed B2B data providers, such as Apollo. We may also enrich it using HubSpot enrichment features and other business-data tools. We process prospecting data as a data controller on the basis of our legitimate interest in reaching businesses relevant to our services (Art. 6(1)(f) GDPR), having assessed that processing limited professional data in a B2B context is within the reasonable expectations of the individuals concerned. We do not rely on consent for ordinary B2B prospecting enrichment unless a specific consent is separately collected.
Where you submit a form, register for a webinar, subscribe to our communications, contact us, or otherwise provide your business details directly, we may enrich or update the related company and contact record using HubSpot and other business-data tools so we can handle the enquiry, qualify the business context, keep CRM records accurate, deliver requested services, and send relevant follow-up where permitted by law.
We retain prospecting data for up to 3 years from our last meaningful interaction with you, such as a reply, click, meeting, form submission or other relevant business engagement. After that period, records are deleted or anonymised, unless a business relationship has developed, you have objected and we need to keep a minimal suppression record, or a longer period is required for legal obligations, disputes, claims or protection of our rights. You have the right to object to this processing at any time. For direct marketing purposes, this right is absolute (Art. 21(2) GDPR). You can object by replying to any message from us or writing to hello@man.digital, and you can request access, rectification or erasure. On request, we will tell you the specific source of your data.
Our clients' customer data
When we deliver services, including CRM implementation, campaigns, RevOps, marketing operations, reporting, integrations, automation and advisory work, we process personal data contained in our clients' systems on their behalf and under their documented instructions, as a processor within the meaning of Art. 28 GDPR. This data remains under our client's control. We process it to the extent needed to deliver the agreed services and as otherwise permitted by the applicable data processing agreement or the client's documented instructions. Where delivery requires the use of our own tools or sub-processors, we do so under appropriate data processing terms. A list of categories of sub-processors is available on our Third-Party Services page or on request.
Separately, we act as a data controller for our own business relationship records, including records about client representatives, former clients, referred contacts, partner contacts and potential future opportunities. We may retain and enrich those records using HubSpot and other business-data tools on the basis of our legitimate interest in account management, relationship management, referrals, re-contracting, renewals, cross-selling and upselling, unless consent or another legal basis is required by applicable law.
Visitor’s data
Where the website is used for informational purposes, so that You do not transmit other information to us, we do not collect any personal data, with the exception of the data which Your browser transmits to us in order to allow You to access the website.
If you send us a message via the contact form, you disclose your name, email address and the content of your message. Website analytics and marketing cookies are used only where consent is collected through the cookie banner, except for strictly necessary technologies needed to operate the website.
We use this information to help us design our site to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server, administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences.
4. What kind of data do we process
Client data (our clients and their representatives)
Name, business email address, phone number, job title, company details including company tax ID (NIP), billing information, correspondence connected with the contract, CRM/account history, commercial interests, renewal, upsell, cross-sell and re-contracting notes, referrals, relationship context, and enrichment data connected with current, former or potential client relationships. Payment card data is processed by Stripe and is not stored by us.
Prospect and marketing data
Name, business contact details, job title, employer, publicly available professional profile information (see “Prospecting data” above), newsletter and webinar registration data, and email engagement data such as opens, clicks and delivery status where you have consented to email tracking.
Our clients' customer data (as processor)
Personal data contained in our clients' CRM and connected systems, typically business contact details, company information, CRM activity, engagement signals, form submissions, campaign data, reporting data and operational notes. The exact scope is defined by each client in the data processing agreement and by the systems and records the client asks us to work with.
Visitor data
IP address, date and time of the request, time zone, pages visited or requested, HTTP status, data volume, referring website, browser, operating system and language. Cookies and similar technologies are described in our Cookie Policy.
5. What are the legal grounds for processing data
We process personal data where processing is necessary to perform a contract or take steps before entering into a contract (Art. 6(1)(b) GDPR), where we must comply with legal obligations such as accounting and tax duties (Art. 6(1)(c) GDPR), where you have given consent, including for marketing, analytics cookies and email tracking where required (Art. 6(1)(a) GDPR), or where we rely on our legitimate interests, including responding to enquiries, maintaining business records, improving our services, protecting our rights, and relevant B2B business development as described under “Prospecting data” (Art. 6(1)(f) GDPR).
Essential cookies and strictly necessary website technologies are used to operate and secure the website. Analytics and marketing cookies, including HubSpot tracking where required, are used on the basis of consent collected through the cookie banner. We process our clients' customer data as a processor under a data processing agreement and our clients' documented instructions.
6. Who do we disclose Your data to
We do not sell personal data or our clients' customer data. Where needed to run our business or deliver the agreed Services, we disclose or make personal data available to appropriate recipients, processors and sub-processors under suitable contractual terms, data processing terms, documented instructions or another valid legal basis.
These recipients include CRM and email platforms, cloud productivity providers, hosting and infrastructure providers, analytics and tag-management providers, advertising platforms, AI and data-processing service providers, sales intelligence and intent-data providers, payment providers, scheduling and event tools, project-management and operations tools, professional advisers and competent authorities where disclosure is required by law. The main categories and examples are listed on our Third-Party Services page.
HubSpot enrichment and data sharing
We use HubSpot's enrichment features to obtain, update and improve professional contact and company data. This data may originate from public sources, third-party providers, other HubSpot customers and email engagement data. When these features are enabled, business contact and company data in our CRM, such as name, business email, job title and employer, may also contribute to HubSpot's commercial dataset, which HubSpot makes available to its other customers and for which HubSpot acts as an independent data controller. HubSpot's privacy information is available at legal.hubspot.com/privacy-policy.
Our lawful basis for this processing is our legitimate interest in B2B business development, keeping CRM records accurate and maintaining relevant business communications. You may object at any time by contacting hello@man.digital, and you may also exercise your rights directly with HubSpot.
HubSpot AI model training
HubSpot may use data from our account to develop and train HubSpot's own AI features where these features are enabled. HubSpot contractually prohibits its third-party AI providers from using this data to train their models.
With your consent
We share personal data with other companies, organizations or individuals outside Man Digital where you have given consent, for example for optional marketing, analytics or integration purposes.
7. Where and to whom do we transfer Your data
To provide our Services, Man Digital uses service providers and sub-processors. For client customer data processed under a data processing agreement, our clients give us general written authorization to use sub-processors where needed for the agreed Services.
The main categories and examples of service providers and sub-processors are available on our Third-Party Services page. We will notify clients of material changes to sub-processors where required by the applicable data processing agreement, so they have the opportunity to object under that agreement.
8. Your rights
- Access: You have the right to be informed about your personal data processing, including the source of your data, the purpose of processing, the categories of recipients and how long the data will be stored.
- Rectification: You have the right to request correction of inaccurate or incomplete personal data.
- Erasure (“right to be forgotten”): You have the right to request erasure of your data. We may retain data where we have a legal ground to do so under Art. 17(3) GDPR, for example ongoing contract performance, legal claims, statutory retention duties or suppression records needed to respect an objection.
- Restriction on processing: You have the right to request restriction of processing in the cases set out in Art. 18 GDPR.
- Portability: Where GDPR gives you the right to data portability, we will provide the relevant data in a structured, commonly used and machine-readable format.
- Right to withdraw consent: You can withdraw consent at any time, for example by clicking “Unsubscribe”, using a manage-preferences link or writing to hello@man.digital. Withdrawal does not affect processing carried out before withdrawal.
- Right to object: You may object to processing based on our legitimate interest, including prospecting, enrichment and analytics, by clicking “Unsubscribe” where available or writing to hello@man.digital. For direct marketing, this right is absolute under Art. 21(2) GDPR.
- Lodge a complaint: You have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO) in Poland or with your local EU data protection authority if you have concerns about how Man Digital processes your personal data.
9. Cross-border transfer
Some of our service providers process personal data in the United States or other countries outside the European Economic Area. This may include providers used for CRM, email, cloud productivity, analytics, advertising, AI, enrichment, payments, automation and operations.
Where personal data is transferred outside the EEA, we rely on appropriate safeguards such as the EU–US Data Privacy Framework certification and/or Standard Contractual Clauses, as applicable to each provider, together with additional measures where required.
10. Retention
We keep personal data for the duration of our business relationship and for the time needed to fulfil legal obligations, resolve disputes, enforce agreements and protect our rights. Business relationship records may be retained while there is an active or reasonably foreseeable relationship, opportunity, referral, renewal, upsell, cross-sell or re-contracting context, unless you object and no overriding legal basis requires retention. We review prospecting and business relationship records at least every 3 years and delete or anonymise records where no interaction or realistic business context remains. Data contained in accounting and tax documentation is retained for the period required by law, in principle 5 years counted from the end of the relevant tax year.
Data processed on the basis of consent or our legitimate interest is retained only for as long as needed for the relevant purpose, unless a different period is stated in this Privacy Policy, a business relationship develops, you withdraw consent, you object to processing, or a longer period is needed for legal obligations, claims or suppression records. Prospecting data is retained as described under “Prospecting data”.
As a processor for our clients, we delete or return client customer data according to the applicable data processing agreement, the client's documented instructions, and the retention settings of the client's systems.
11. Changes and updates to the Privacy Policy
As Man Digital evolves, this Privacy Policy may change. We reserve the right to amend the Privacy Policy at any time, for any reason. We will notify clients and subscribers of material changes by email where appropriate. The current version and its effective date are always published on this page.
4 July 2026
Man Digital team