Privacy policy

Your privacy is important to us. This policy explains what personal data we collect from you and how we use it. It also explains how our website uses cookies.

At certain times, Tooploox may change or modify our policy at our own discretion, adding or removing information to reflect current practices – in other words, giving you the most up to date information. When this occurs, we will update this policy with the most recent revision date.

We may also retain data when required to comply with legal obligations, enforce agreements or resolve ongoing disputes. Such data will be deleted when no longer required and such incidents have been resolved.

Processing Personal Data

Who is responsible for processing your personal data?

Tooploox Sp. z.o.o is the controller of your personal data.

Our registered office is: ul. Tęczowa 7, 53-601 Wrocław

This is registered with the Register of Entrepreneurs of the National Court Register maintained by the District Court in Wrocław-Fabryczna, VI Commercial Division of the National Court Register.

How, When and Why do we collect your personal data and for How Long do we store it?

We only store your data via request, when legal consent has been given. This occurs in a number of circumstances:

Contact form

If you use our contact form, we collect your name and e-mail address. We also collect any additional, optional information you provide us with. We store your data with the message sent to us, which includes any information about your project or request, if provided.
This data is used to contact you in regards to your initial request. If this results in successful cooperation, we will continue you to process your data as we provide you with our services. If not, your data is removed after 2 years.
In limited circumstances, we may also use your information for other purposes, where permitted by law. This does not include marketing or advertising purposes.
We store your personal data on Pipedrive’s database, where we retain access. However, we process data on our own personal servers for the purposes of invoicing.
You can review the privacy policy for Pipedrive on the company’s website. You can request the removal of your data by contacting us at

Job Application Form

For job applications with Tooploox, our form requires your full name and e-mail address, as well as the option to include your phone number. We also require a copy of your CV.
Any data given is used solely for the application in question. If consent is given, we will store your data for 2 years, specifically for the purposes of future recruitment. Personal data is stored on Lever’s servers and is processed through our own servers. You can review the privacy policy for Lever on the company’s website.
You can request to review your personal data, or request its removal, by contacting us at

3rd Party Applications

Our website uses 3rd party applications that request and use personal data.
Our blog uses Disqus to allow people to comment. If you sign up for Disqus, this data is not controlled by us. You can review the privacy policy for Disqus on the company’s website.
We use Lever for the purposes of recruitment. Personal data is stored on Lever’s servers, but it is only processed through our own servers. You can review the privacy policy for Lever on the company’s website.
We also use Pipedrive for the purposes of working with clients on projects. You can review the privacy policy for Pipedrive on the company’s website.

Protecting Your Personal Data

We use various technical and organizational security methods, such as encryption, to ensure and maintain the safe storage of your personal data. Your personal data is stored in secured networks and is only accessible by a limited number of people that have been given special, specific rights to access such systems.

Your Personal Data Rights

We recognise and respect your rights to your personal data. You have the right to request:

You have the right to object to us processing your personal data in relation to your particular situation. You are also free to opt-out from direct marketing.
In situations where we have obtained your consent to process your personal data, you also have the right to withdraw this consent at any time. This will not influence the lawful status of any processing that has occured before the withdrawal occurred.
To enact any of your personal data rights, please contact us at
You also have the freedom to lodge a complaint with a supervisory authority. For us, as a Polish company, our supervisory authority is Generalny Inspektor Ochrony Danych Osobowych. You can learn more on the Generalny Inspektor website.

Cookies and Pixel Tags

We receive and record information, which may include personal data, from your browser when you use our website. We use a variety of methods, such as cookies and pixel tags to collect this information, which may include your:

Third parties may also collect information via our website through the use cookies or third party widgets and plug-ins. These particles collect data directly from your web browser, processing the data under their own privacy policies.
We also use cookies and pixel tags to track how visitors use our website and to gain insight regarding their preferences. Through these, we collect aggregate data about site traffic and user interaction. This helps us identify trends and acquire statistics that can be used to improve the website.
We use the following cookies:

Cookie Purpose Duration
__cfduid Used by Cloudflare content network to identify trusted web traffic 1 year
_hp2_id Used to help with analytics and track new sessions 2 years
_hp2_session Used to help with analytics and track new sessions session
PHPSESSID A PHP script to help identify sessions sesson
HotJar Cookies
_hjIncludedInSample Informs Hotjar if the user is included in samples for generating Heatmaps, Funnels and other Recordings 365 days
_hjShownFeedbackMessage Is set when a visitor minimizes or completes Incoming Feedback. It keeps the Incoming Feedback minimized while the user is on other pages set to display it. 365 days
gtag.js and analytics.js
ga Distinguishes users 2 years
_gid Distinguishes users 24 hours
_gat Used to set/control request rate. May also be titled _dc_gtm_property-id when used with Google Tag Manager. 1 minute
AMP_TOKEN Includes a token for retrieving Client ID from the AMP Client ID service. It can also have values to indicate opt-outs, inflight requests or errors in retrieving a Client ID. 30 seconds - 1 year
_gac_property-id Includes campaign information for the user. Adwords website conversion tags read this, unless you choose to opt out. 90 days
ga.js JavaScript library - first party
__utma Distinguishes users and sessions. It is created when the JavaScript library executes but no existing _utma cookies are present. It updates when data is sent to Google Analytics. 2 years (from each update)
__utmt Used to set/control request rate. 10 minutes
__utmb Determines new sessions and visits. It is created when the JavaScript library executes and no existing _utmb cookies are present. It updates when data is sent to Google Analytics. 30 minutes (from each update)
__utmc Not used in ga.js, but is interoperable with urchin.js. Historically worked with _utmb cookies to determine new user sessions or visits. End of browser session
__utmz Contains the traffic source or campaign that shows how users reached oursite. It is created when the JavaScript library executes and updates when data is sent to Google Analytics. 6 months (from each update)
__utmv Stores visitor-level custom variable data. It is created when a developer uses _setCustomVAR with a visitor level custom variable. It is updated when data is sent to Google Analytics. 2 years (from each update)
HotSpot Cookies
__hstc Stores domain, timestamps and session numbers to anonymously track visitors 2 years
hubspotutk Used on forms to track visitors and avoid duplicating the same users 10 years
__hssc Tracks pageviews and timestamps. Works with __hstc to determine new sessions. 30 minutes
__hssrc Determines new sessions None

Third Party Cookies

We also run a number of third party applications that help provide a smooth website experience.
We use Lever for the purposes of recruitment and it uses the following cookies:

Our blog posts use Disqus for comments, which uses the following cookies. These cookies are not controlled by us and help Disqus to track comments and activity across different websites.

We also use Facebook pixels to track visitors from Facebook. These use the following cookies, pixels and tags:

How to manage cookies

Your web browser’s settings can change your preferences regarding cookie storage. Most browsers also let you review and erase cookies as well. Please be aware, however, that our website will not operate property without cookies enabled.
For more information, we refer you to the help pages from browser manufacturers regarding managing cookies in their specific browsers.

For browsers not included here, please refer to the appropriate documentation provided by the manufacturer.

If you have any issues or queries regarding the processing of personal data, the use of cookies or our pixel tags, please contact us at For requests regarding your personal data and privacy complains, we strive to resolve the issue in an effective and timely manner.

Tooploox Sp. z o.o.

EU: + 48 733 888 088

U.S.: + 1 415 800 2835

Business Partnerships

Marketing & PR


Office Management

Wrocław (HQ)

ul. Tęczowa 7
53-601 Wrocław
See on the map


ul. Foksal 18
00-372 Warszawa
See on the map


ul. Rybaki Górne 4/1
80-861 Gdańsk
See on the map

We use cookies for analytics and to improve our site - more info in our privacy policy