01Who we are
The data controller for personal data processed through blackflake.com is Bennovate sp. z o.o., a Polish limited-liability company trading as Blackflake.
| Controller | Bennovate sp. z o.o. |
|---|---|
| Registered office | ul. Christiana Andersena 25, 94-118 Łódź, Poland |
| KRS | 0000597272 |
| NIP | PL7272799328 |
| REGON | 363700466 |
| Privacy contact | legal@blackflake.com |
We process personal data in accordance with the EU General Data Protection Regulation 2016/679 ("GDPR") and, where we interact with individuals in the United Kingdom, the Data Protection Act 2018 and the UK GDPR.
02What we collect
This website is a brand and research surface. It does not host a product account system, does not run third-party analytics, and does not embed third-party advertising or social-media trackers. The data we collect is limited to:
- Server logs — IP address, User-Agent, referring URL, request time, and the resource requested. Required to serve pages and to defend against abuse.
- Email contents — when you email an address listed on this site (for example
enterprise@blackflake.com), the address you send from and the content of your message. - Local preferences — a theme preference is stored in your browser's
localStorageasbf:theme. It never leaves your device. It is not a cookie and is not transmitted to us.
03Lawful bases
We rely on the following lawful bases under GDPR Article 6:
| Activity | Lawful basis |
|---|---|
| Serving this website | Article 6(1)(f) — legitimate interests of the controller in operating a public information surface. |
| Server log retention | Article 6(1)(f) — legitimate interests in preventing and investigating abuse and intrusions. |
| Responding to your email | Article 6(1)(b) — performance of a contract or steps prior to entering one, where relevant. Otherwise Article 6(1)(f) — legitimate interest in maintaining business correspondence. |
04How we use it
- Operate, secure, and improve the website.
- Respond to enquiries sent to Blackflake addresses.
- Defend against abusive traffic, scraping outside our robots policy, and security threats.
- Comply with legal obligations (for example responding to lawful requests from regulators or courts).
We do not use your data to profile you, train machine-learning models, serve you targeted advertising, or sell it to any third party.
05Sharing & processors
We share personal data only with service providers strictly necessary to run this site and respond to enquiries. Current processors:
| Processor | Role | Data | Location |
|---|---|---|---|
| Hetzner Online GmbH | Infrastructure hosting (web server) | Server logs (IP, User-Agent, request metadata) | Germany / Finland (EEA) |
| Google Ireland Limited | Email (Google Workspace inboxes for Blackflake aliases) | Email metadata and content you send us | EU / US with SCCs |
We have a data-processing agreement in place with each processor. We review our processor list periodically and update this policy if the list changes materially.
06International transfers
Where personal data is transferred outside the EEA or the UK (for example, Google Workspace may route some mail through US infrastructure), transfers are protected by the European Commission's Standard Contractual Clauses together with supplementary technical and organisational measures, in line with GDPR Chapter V and the Schrems II judgment.
07Retention
| Data | Retention |
|---|---|
| Server logs | Rotated after 14 days; not retained beyond 30 days except for security-incident investigation. |
| Email correspondence | Retained for as long as necessary to handle the enquiry and for a reasonable period afterwards for business-record and legal-defence purposes (typically up to 6 years for commercial contacts, in line with Polish civil law). |
| Legal records | Retained as required by applicable law, which may be longer than the periods above. |
08Your rights
Under GDPR and UK GDPR you have the right to: access your personal data (SAR), request rectification, request erasure, restrict or object to processing, receive a copy in a portable format, and withdraw consent where consent is the lawful basis.
To exercise any of these rights, email legal@blackflake.com. We respond within one calendar month, extensible by two months where the request is complex, and we will tell you if we invoke that extension.
You also have the right to lodge a complaint with a supervisory authority:
- Poland: Prezes Urzędu Ochrony Danych Osobowych (UODO) — uodo.gov.pl
- United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk
09Security
We apply technical and organisational measures appropriate to the risk: TLS on every public endpoint, encryption at rest on the hosting provider's volumes, least-privilege access, regular patching, and a documented vulnerability-disclosure policy. Report security issues to security@blackflake.com — see our security page or security.txt.
10Children
This site is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, email legal@blackflake.com and we will delete it.
11Changes
We may update this policy. Material changes will be reflected in the "Version" and "Effective" dates above. For significant changes we will take reasonable steps to notify individuals whose data we hold, where we have a lawful basis to contact them.
12Contact
Privacy and data-protection matters: legal@blackflake.com.
Postal: Bennovate sp. z o.o. — Privacy, ul. Christiana Andersena 25, 94-118 Łódź, Poland.