Privacy Policy


If you have come to this page, it means that protecting your personal information is important to you. We want to assure you that we care about your privacy, and it is important to us. To this end, we have implemented not only legal but also technical measures to further strengthen its protection.

The Administrator's head office is located in Switzerland, which means that in accordance with the nFADP and the GDPR, the following is our policy on how we process your personal data. Please read the most important questions relating to your personal data, and if you have any doubts about the Privacy Policy, please feel free to contact us via:

Key information:

  • It is possible to use the website without providing any personal data. However, if a data subject wishes to use special services of our company via our website, it may be necessary to process personal data.
  • The Administrator's Services may require data transfers between Switzerland and the European Union (EU) and the European Economic Area (EEA) in accordance with the GDPR and nFADP. To ensure the protection of personal data during such transfers, the Service Provider relies on certain lawful transfer mechanisms, i.e. the Service Provider relies on the European Commission-approved standard contractual clauses as the legal mechanism for certain data transfers from the EU/EEA and Switzerland (designated countries). These clauses are contractual obligations between companies transferring personal data, which impose obligations on these companies to protect the privacy and security of data. The Service Provider has adopted the Standard Contractual Clauses to ensure that data transfers needed to provide, maintain and develop our services are carried out in accordance with the law. You can find them at this link: Standard contractual clauses for international transfers
  • Your personal data may be transferred outside the European Economic Area (e.g. in connection with the Administrator's use of software from entities there). The European Commission has issued decisions (Commission Decision of July 26, 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in Switzerland (notified under Document No. C(2000) 2304))confirming the adequate level of protection for, among others, Switzerland and to a limited extent: United States (entities that have joined the self-certification mechanism - the so-called Privacy Shield) and Canada (commercial organizations). When transferring data to other entities outside the EEA, appropriate safeguards required by the GDPR must be met. You may obtain a copy of the personal data transferred to a third country by contacting the Service Provider, for example by email to:

Privacy Policy

§1 Who is the Administrator of your personal data?

The administrator of your data is HexArcana Cybersecurity limited liability company with registered office in Cholenmoosweg 5, 8942 Oberrieden, Switzerland, represented by Michal Składnikiewicz. You can contact the Administrator by writing to:

§2 For what purpose do we collect your data and how long do we keep it?

We may process your data for the following purposes:

1. Communication with you, including responding to questions submitted via contact form, email, etc.;

Your data will be processed based on the Administrator's legitimate interest in communicating with Website Users (Article 6(1)(f) GDPR). Your data will be processed no longer than until you object or the business purpose ceases. Providing this data is voluntary, but at the same time necessary for communication with you. Data may also be processed during the archiving process for internal purposes, based on the Administrator's legitimate interest (Article 6(1)(f) GDPR), until you object or the business purpose ceases.

2. Conclusion of the contract and its execution (placing an order);

3. Establish, defend and pursue claims;

4. To carry out legal obligations incumbent on the Administrator (including tax and archiving obligations);

  • The data necessary for the conclusion and performance of the contract will be processed for the duration of the contract, including the duration of the exercise of contractual rights, such as the right of complaint under warranty (Article 6(1)(b) and (f) GDPR). Provision of this data is voluntary, but at the same time necessary for the conclusion and execution of the contract.
  • Additional data provided for the purpose of, among other things, facilitating the execution of the contract, will be processed no longer than until you raise an objection, or the business purpose ceases, based on the legitimate interest of serving customers (Article 6(1)(f) GDPR).

Thereafter, the data will be processed for the period of the statute of limitations for claims, based on the Administrator's legitimate interest in defending against claims, as well as for the purpose of establishing and asserting claims (Article 6(1)(f) GDPR).

  • If the data are necessary for the fulfillment of legal obligations incumbent on the Administrator (such as issuing and storing invoices, implementing procedures under the Digital Services Act) - the data will be processed for this purpose for no longer than 6 years (archiving obligations regarding accounting documents), unless otherwise provided by law (Article 6 (1) (c) GDPR).

Data may also be archived for internal and statistical purposes until you object, or the business purpose ceases, based on the Administrator's legitimate interest (Article 6 (1) (f) of the GDPR).

5. To provide marketing information (including sending newsletters and information about services, products, promotions)

The data will be processed based on the legitimate interest of the Administrator, in the form of marketing the Administrator's products and services (Article 6(1)(f) GDPR). Data will be processed no longer than until you object or the business purpose ceases - whichever comes first. Provision of data is voluntary, but necessary to receive marketing/trade information.

In accordance with Article 10 of the Act on Rendering Electronic Services, for the purpose of maintaining commercial communications and telephone communications, I need your consent. All information regarding data processing for our newsletter can be found in the Terms and Conditions of the newsletter.

What we use to handle and send the newsletter:

  1. GetResponse S.A., based in Gdańsk (80-309) at 413 Grunwaldzka Avenue, Poland -
  2. Scaleway, 8 RUE DE LA VILLE L'EVÊQUE, 75008 Paris 8, France -
  3. MailJet 43 rue de Dunkerque, 75010 Paris, France -

6. Administration and management of the page and groups on social media platforms (including Facebook (Meta), Discord), when processing data on social media platforms, including communication and targeting of marketing content

This data will be processed only if you choose to: liking the page / joining the group / selecting the “Observe” option or otherwise leaving your data on the platform, managed by me, such as posting a post or comment. The data will be processed for the period of existence of the site/group or until you object, which can be done by un-clicking the “Like” or “Observe” option, deleting the comment/entry, or by other means provided by the platform/website or by contacting me. Please be advised that the rules relating to the page/fanpage/group, are set by the Administrator, while the rules for the use of the social network on which the page/fanpage/group is placed, are set by the entity managing these portals.

7. Analytical and statistical

Data processing for analytical and statistical purposes, consists in the analysis of data, obtained automatically when using the Website, including cookies. The data is processed based on the legitimate interest of the Administrator, in the form of adapting the content of the Site to the User's preferences and optimizing the use of the Site; creating statistics that help understand how Users use the Site, which allows improving its structure and content (Article 6(1)(f) GDPR). Data may also be archived for internal and statistical purposes, based on the Administrator's legitimate interest (Article 6(1)(f) GDPR), until you object or the business purpose ceases.

8. Promotion and marketing

If you provide us with your data, in particular in the form of an opinion regarding a product or service, including image data, it will be processed based on the legitimate interest of the Administrator in the form of marketing, for the purpose of improving the quality of services and products and promoting the Administrator's services and products. The data will be processed for the period necessary to fulfill the business purposes or until you raise an objection. Provision of data is voluntary.

9. Collection of sensitive data

Sensitive data is collected for the performance of the contract and its proper execution - based on your informed and voluntary consent (Article 9(2)(a) of the GDPR) - until the business purpose ceases or the consent is withdrawn. Provision of data is voluntary but is necessary for the proper execution of the contract.

§3 To whom may we share your data?

We will transfer your data to other entities only if this is necessary for the purposes of the processing referred to in §2, and only to the extent necessary to achieve this purpose. As a rule, we only collect and process data that you yourself have provided to us, subject to data collected automatically (cookies). You can find more about cookies in §7.

If necessary, your data may be transferred to entities with which we cooperate in the implementation of the above. purposes, in particular, a hosting company, a company providing accounting and bookkeeping services, a company providing invoicing software, a company providing newsletter services, a company providing cloud services, entities providing marketing services, entities providing administrative services, entities providing consulting services, subcontractors, lawyers, couriers or postal operators, a training platform, a social networking platform, a customer service platform, an appointment scheduling platform, a platform for providing products or services, other entities that support the Administrator in achieving the purposes of processing.

The services provided by Google (Cloud), Facebook (META), or Discord are generally performed by entities based in the European Union. However, due to the global nature of these entities’ operations, your data may be transferred to the US and/or outside the EEA, in connection with their storage on US and/or Swiss servers (in whole or in part). Separately, Google, Facebook and Discord have implemented safeguards in accordance with the requirements of the GDPR to protect personal data, using standard contractual clauses. For more information on the data processing policies of the above providers, please refer to the Privacy Policies of each entity.

§4 What rights do you have?

In relation to the GDPR, you have the right to access your personal data, rectify your personal data, erase your personal data, restrict the processing of your personal data, object to the processing of your personal data, portability of your personal data, withdraw your consent to the processing of your data; withdrawal of consent, does not affect the lawfulness of the processing carried out before its withdrawal. Detailed information on the above-mentioned rights can be found in the GDPR regulation, i.e. Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

If you believe that your personal data is being processed in violation of applicable law, you have the right to complain to the President of the Office for Personal Data Protection. In such a case, however, we encourage you to contact us in advance to clarify your concerns.

§5 Is your data being profiled?

The Administrator analyzes personal data by automated means, using tools provided by software providers (e.g. by means of statistics, history), only to the extent that it has no legal effect on you or does not materially affect your situation, including guaranteed rights and freedoms. The purpose of processing data by automated means, is to learn about Users’ preferences
(for more information on analysis, see §7 Cookie Policy).

§6 Laws applicable to personal data

In matters not regulated, the relevant provisions of law, including European law (including GDPR) shall apply.

§7 Cookie Policy

The site does not automatically collect any information, except for the information contained in cookies. This data is collected, in a way that does not allow the identification of the User, the so-called anonymous data.

Cookies (“cookies”) are IT data, in particular text files, which are stored on the Website User's terminal device and are intended for use on the Website. Cookies usually contain the name of the website from which they come, the time they are stored on the end device and a unique number.

Cookies are used: to customize the content of the Site to the User's preferences and to optimize the use of the Site, as well as to create statistics that help understand how Users use the Site, which allows improving its structure and content.

You can make your own changes in the settings, regarding cookies. In many cases, your web browser allows cookies to be stored on your end device by default. Detailed information about the possibility and methods of handling cookies is available in the settings of your software (web browser). If you do not agree to cookies, you may limit the operation of certain functionalities on the Site. You will find relevant instructions in the following subpages, depending on the browser you use:

Technical Type Name Type Expire Purpose
Cookie cookie_consent Essential 1 year The cookie is used to store the consent given for the use of cookies. It does not store any personal information.
Cached files and their metadata - Functional 1 month Page resources, such as graphics, fonts, styles, and the like, stored with the user in order to load the page faster, reduce Internet consumption and electricity. They do not store any personal information and are not used to track you.

The Administrator uses technologies, observing actions, taken by the User on the Site:

  1. The use of additional benefits by users of the HexArcana website may be governed by separate terms and conditions, which will be communicated to Users by the Administrator through the Discord server of the HexArcana community. The provider of the closed Discord server for the HexArcana community is Discord Inc., 444 De Haro Street #200, San Francisco, CA 94107. The User's use of the Discord server is governed by the terms and conditions of the application provider, available at:,
  2. Google tools, including Google Cloud, Google Workspace, provided by Google LLC, Zürich BRA Brandschenkestrasse 110 8002 Zürich, Switzerland, to host this Site, and to allow access to it via the Internet. They help to improve the Site. This data is processed based on the Administrator's legitimate interest (Article 6(1)(f) GDPR). Detailed information on Google Clouds can be found at: principles of using Google tools. Details on Google's data protection are available at the link: details on protection

§8 Social plug-ins and direct links

  1. In connection with the use of a website that may contain such a plug-in, the user's browser establishes a direct connection to the servers of the social network administrators (service providers). The content of the plug-in is transmitted by the respective service provider directly to the user's browser and integrated into the website. Through this integration, the service providers receive information that your browser has viewed the Website, even if you do not have a profile with the respective service provider or are not logged in to it. This information (including your IP address) is transmitted by your browser directly to the server of the relevant service provider (some servers are located in the USA) and stored there. The Site may feature plug-ins, widgets and other social media tools provided by portals such as: Facebook (Meta), Discord.
  2. The social media platform may acquire information about your use of the site, particularly when you are logged in as a user of the site.
  3. As part of the Administrator's activities, direct links to social media have also been embedded on the website. The purpose and scope of data collection and its further processing and use by service providers are described in the privacy policies indicated below:
    1. YouTube –
    2. Vimeo, Inc. –
    3. Discord, Inc. –
    4. Facebook –
    5. X –
    6. BlueSky –
    7. TikTok –
    8. Instagram –

§9 Server Logs

  1. Using the site involves sending requests to the server that hosts the website.
  2. Each request to the server is recorded in the server logs, which include, for example: the IP address, the date and time of the server, information about the web browser and the operating system you are using.
  3. The data recorded in the server logs are not associated with specific users of the site and are used as supporting material for administrative purposes.
  4. Their contents are not disclosed to anyone except those authorized to administer the server.

Archive of old (no longer in force) privacy policies:

  1. Archived Privacy Policy that was in use between 2024-07-07 and 2024-07-11