PRIVACY POLICY
KnowGuard Sp. z o.o.
Ul. Nad Stawem 7, 80-454 Gdańsk
Tax ID (NIP): 9571193853
KRS: 0001198342
Last updated: December 2025
1. GENERAL INFORMATION
1.1 Personal Data Controller
The personal data controller within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (GDPR) is:
KnowGuard Sp. z o.o.
• Address: Ul. Nad Stawem 7, 80-454 Gdańsk
• Tax ID (NIP): 9571193853
• KRS: 0001198342
• Email: info@knowguard.eu
1.2 Data Protection Officer
Information regarding the Data Protection Officer will be available on the website.
1.3 Purpose of the Privacy Policy
This Privacy Policy sets out the principles for processing personal data of users of the website available at kguard.learnworlds.com and based on the LearnWorlds platform, managed by KnowGuard Sp. z o.o. in connection with the organization and sale of online training courses.
2. PERSONAL DATA PROCESSED BY THE CONTROLLER
2.1 Data Categories
As part of providing educational services, KnowGuard and Partners process the following categories of personal data:
Identification data:
• First and last name
• Email address
• Telephone number
• Residential/business address
Account data:
• Login (username)
• Password (encrypted)
• Publicly displayed name
Educational process data:
• Test and quiz results
• Course completion progress
• Time spent on the platform
• Login history
• Completed training modules
• Certificates and confirmations
Financial data:
• Information about transactions and payments
• Billing history
• Billing address
• Credit card number
Communication data:
• Content of correspondence with customer service
• Messages on the platform
• Feedback and opinions on courses
Analytical data:
• IP address
• Browser type and device
• Date and time of visit
• Pages visited on the platform
• Traffic source (referrer)
2.2 Data Sources
Personal data originate from the following sources:
• Directly from the user – during registration, course purchase, form completion
• Automatically – through cookies, server logs, analytical tools
• From data processors – LearnWorlds and other service providers
• From third parties – to the extent required by law
3. LEGAL BASIS FOR DATA PROCESSING
3.1 Legal Basis for Processing
KnowGuard and partners process personal data on the following legal bases (Art. 6 GDPR) divided into 3 categories each:
1. Data Category
2. Processing Purpose
3. Legal Basis
A1. Registration data
2. Processing Purpose
3. Legal Basis
A1. Registration data
A2. Account creation and management
A3. Contract (Art. 6(1)(b))
A3. Contract (Art. 6(1)(b))
B1. Contact data
B2. Communication with user
B3. Contract (Art. 6(1)(b))
B2. Communication with user
B3. Contract (Art. 6(1)(b))
C1. Educational results
C2. Conducting educational process
C3. Contract (Art. 6(1)(b))
C2. Conducting educational process
C3. Contract (Art. 6(1)(b))
D1. Financial data
D2. Payment and billing processing
D3. Contract (Art. 6(1)(b))
D2. Payment and billing processing
D3. Contract (Art. 6(1)(b))
E1. Analytical data
E2. Service improvement
E3. Legitimate interest (Art. 6(1)(f))
E2. Service improvement
E3. Legitimate interest (Art. 6(1)(f))
F1. Marketing data
F2. Information about new courses
F3. Consent (Art. 6(1)(a))
F2. Information about new courses
F3. Consent (Art. 6(1)(a))
G1. Training documentation
G2. Legal and certification requirements
G3. Legal obligation (Art. 6(1)(c))
G2. Legal and certification requirements
G3. Legal obligation (Art. 6(1)(c))
H1. Security
H2. Fraud and cyberattack prevention
H3. Legitimate interest (Art. 6(1)(f))
H2. Fraud and cyberattack prevention
H3. Legitimate interest (Art. 6(1)(f))
3.2 Consent to Data Processing
To the extent that data processing is not necessary for the performance of a contract or legal obligation, KnowGuard obtains the express consent of the user. Consent is:
• Voluntary – the user may withdraw it at any time
• Informed – preceded by full information about the purposes of processing
• Specific – given separately for each purpose
4. DATA PROCESSING PURPOSES
4.1 Main Purposes
Personal data are processed for the following purposes:
1. Provision of educational services:
• Enabling access to courses and training materials
• Tracking learning progress
• Issuing certificates and confirmations
2. Handling financial transactions:
• Processing payments for courses
• Issuing invoices
• Handling returns and refunds
3. Communication:
• Responding to user inquiries
• Sending notifications about course changes
• Information about new trainings (with consent)
4. Service improvement:
• Analyzing user progress
• Improving course content quality
• Developing new educational products
5. Legal requirements and security:
• Fulfilling obligations under legal provisions
• Preventing fraud and violations
• Securing IT infrastructure
6. Marketing and promotion:
• Sending news updates (with consent)
• Promotional campaigns
• Market research
4.2 Prohibited Purposes
KnowGuard does not process personal data for the purpose of:
• Discrimination or violation of dignity
• Sale to third parties without consent
• Automated decision-making with significant effect
• Profiling beyond training purposes
5. DATA RETENTION PERIOD
5.1 Retention Principles
Personal data are retained only for the period necessary to achieve the processing purposes, subject to obligations arising from legal provisions.
Format: Data Category / Retention Period:
Registration data (active account) / Duration of contractual relationship
User educational data / 3 years from course completion
Certification documentation / 5 years (legal requirement)
Financial data and invoices / 5 years (tax requirement)
Analytical data / 12 months
Support messages / 2 years
Marketing data (no activity) / Until withdrawal consent
Security logs / 90 days
5.2 Data Deletion
After the retention period expires, data are:
• Anonymized – removal of all identifiers
• Deleted – permanent removal from databases
• Archived – in the case of legally required data (in archival mode)
The user may request deletion of their data at any time (right to be forgotten), except for legally required data.
6. SHARING PERSONAL DATA WITH PROVIDERS
6.1 Data Processing Entities
KnowGuard shares personal data with the following categories of recipients:
1. LearnWorlds – Data Processor
• Role: Platform hosting, user data management
• Location: USA/EU (in accordance with SCC)
• DPA Agreement: Concluded with KnowGuard
• Data: All platform user data
2. Payment Service Providers
• Role: Credit card payment processing
• Data: Financial data (encrypted)
• Security: End-to-end encryption
3. Email Marketing Service Providers (with consent)
• Role: Sending educational and promotional messages
• Data: Email, first name, last name, preferences
• Right to opt-out: In every message
4. Analytical Tools
• Role: Analysis of user behavior
• Data: IP address, device type, platform activities
• DPA Agreement: Concluded
5. IT and Security Service Providers
• Role: Technical support, infrastructure security
• Data: Data necessary for service provision
6. Public Authorities
• Role: Fulfilling legal obligations
• Data: On request within the scope of administrative control
6.2 Data Processing Agreements
All entities processing personal data are bound by:
• Data Processing Agreement (DPA) containing GDPR commitments
• Standard Contractual Clauses (SCC) in the case of transfers outside the EU
• Confidentiality and data security obligations
• Incident reporting procedures
6.3 International Data Transfers
Data may be transferred outside the European Union only:
• To countries recognized as providing an adequate level of protection
• On the basis of approved Standard Contractual Clauses (SCC)
• On the basis of the EU-U.S. Data Privacy Framework
• Always with appropriate safeguards in accordance with GDPR
7. USER RIGHTS
7.1 Rights of the Data Subject
In accordance with GDPR, each user has the right to:
1. Right of access (Art. 15 GDPR)
• Obtain confirmation whether data are being processed
• Receive a copy of processed data
• Information about processing purposes, legal bases, and recipients
2. Right to rectification (Art. 16 GDPR)
• Request correction of inaccurate data
• Completion of incomplete data
3. Right to erasure (Art. 17 GDPR) – "Right to be forgotten"
• Deletion of data when no longer necessary
• Withdrawal of previously given consent
• Objection to processing
• Restrictions specified by law do not apply to this right
4. Right to restriction of processing (Art. 18 GDPR)
• Suspension of data processing on request
• Possibility of storing data without active processing
5. Right to data portability (Art. 20 GDPR)
• Receive data in a structured, commonly used format
• Transfer data to another controller
6. Right to object (Art. 21 GDPR)
• Object to data processing for direct marketing purposes
• Object to processing based on legitimate interest
7. Right not to be subject to automated decision-making (Art. 22 GDPR)
• Right to avoid decisions based solely on automated processing
8. Right to lodge a complaint with the President of PUODO
• Right to file a complaint with the supervisory authority
7.2 Exercise of Rights
Requests regarding user rights may be exercised through:
• Email – gdpr@knowguard.eu
• Traditional mail – KnowGuard Sp. z o.o., Ul. Nad Stawem 7, 80-454 Gdańsk
Processing time: Requests will be processed within 30 days of receipt (in accordance with Art. 12 GDPR).
7.3 Costs
Exercise of user rights is free of charge, except for:
• Manifestly unfounded or excessive requests – possibility of charging a reasonable fee
• Duplicate copies of data – possibility of charging a reasonable fee for administrative costs
8. PERSONAL DATA SECURITY
8.1 Technical and Organizational Measures
KnowGuard implements the following data protection measures:
Technical Security:
• Data encryption:
o TLS/SSL encryption of data in transit
o Encryption of data stored in databases
o Passwords stored in hashed form
• Access control:
o KnowGuard applies two-factor authentication (2FA) in administration and encourages users to activate 2FA on accounts
o Role and permission management (RBAC)
o Restricted access to sensitive data
• Monitoring and logging:
o Logs of all personal data access
o Monitoring unauthorized access attempts
o Alerts in case of anomalies
• Backups:
o Regular creation of backups
o Storing backups in a secure location
o Regular testing of recovery procedures
Organizational Security:
• Employee training:
o Training on GDPR and data protection
o Safe data handling procedures
o Regular knowledge refreshment
• Procedures and policies:
o Access control policy
o Incident response procedures
o Information security policy
• Audits and assessments:
o Regular security audits
o Data processing risk assessment
o Penetration testing
• Physical security:
o Restricted server access
o Server room monitoring
o Physical access control procedures
8.2 Reporting Data Breaches
In the event of a personal data security breach, KnowGuard will:
• Promptly (within 72 hours) notify the President of the Personal Data Protection Office
• Without undue delay notify data subjects (if the breach poses a high risk)
• Provide information about the nature of the breach, possible consequences, and actions being taken
9. LEGAL COMPLIANCE
9.1 Regulatory Compliance
This Privacy Policy complies with:
• Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR)
• Act on the Protection of Personal Data of 10 May 2018
• Telecommunications Law (in the part concerning cookies)
• Act on the Provision of Services by Electronic Means of 18 July 2002
• Civil Code and Commercial Code
9.2 Data Protection Impact Assessment
KnowGuard conducts Data Protection Impact Assessments (DPIA) in cases of:
• Large-scale data processing
• Processing of sensitive categories of data
• Automated decision-making with significant impact
• New processing technologies
10. CHANGES TO THE PRIVACY POLICY
10.1 Amendment Procedure
KnowGuard reserves the right to amend this Privacy Policy. In case of material changes:
• The user will be notified electronically
• The change will take effect no earlier than 30 days after notification
• The user has the right to terminate the agreement or withdraw from services before the changes take effect in accordance with the Terms of Use
Minor changes (technical corrections, clarifications) may be introduced without prior notice.
11. CONTACT AND PROCEDURES
11.1 Contact Details
For matters concerning the protection of personal data, please contact:
KnowGuard Sp. z o.o.
• Address: Ul. Nad Stawem 7, 80-454 Gdańsk
• Email: info@knowguard.pl
• Telephone: +48 [phone number]
• Online forms: available on the platform
Data Protection Officer:
• Email: gdpr@knowguard.pl
11.2 Complaint to Supervisory Authority
In case of dissatisfaction with KnowGuard's actions regarding data protection, the user has the right to file a complaint with:
President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych)
• Address: Ul. Stawki 2, 00-193 Warsaw
• Email: uodo@uodo.gov.pl
• Website: www.uodo.gov.pl
• Telephone: +48 22 531 03 00
A complaint may be filed without prejudice to other judicial proceedings.
12. FINAL PROVISIONS
This Privacy Policy constitutes an integral part of the Platform Terms of Use. In case of conflict between the Privacy Policy and the Terms of Use, the Polish language version shall prevail.
Effective Date: December 2025
This document will be subject to periodic reviews and updates depending on changes in legal provisions and data protection practices.
Created with
