Privacy Policy

The controller of Users' personal data of the Wokanda website (the "Service") is the entity identified in the Service footer (the "Controller"). Contact for data-protection matters: the email address indicated in the Service footer.

• identification data: first name, last name, middle name (optional), professional status, chamber/OIRP, registration number;
• contact data: email address, optionally phone number;
• professional-profile data: base city, willingness to travel and travel radius, specialisations, base rate, biography;
• technical data: session identifier, IP address in server logs, push-notification subscription data;
• User-generated content: published Requests, offers, chat messages, attachments, ratings, reports.

• providing the Service - Art. 6(1)(b) GDPR (necessary for performance of the contract);
• verification of professional status in the public KRAIA / KIRP registers - Art. 6(1)(f) GDPR (legitimate interest of the Controller in ensuring platform trustworthiness);
• moderation, handling reports and inquiries - Art. 6(1)(f) GDPR;
• delivering notifications (email, web push, in-app) solely on the basis of individual User preferences available in the Profile;
• compliance with legal obligations of the Controller - Art. 6(1)(c) GDPR.

Personal data is retained for the duration of the Account. Upon Account deletion, identification data is anonymised, while historical links to completed Requests remain in the database to preserve the integrity of ratings and settlements. Verification documentation attachments are removed 90 days after the decision, raw HTML references - after 30 days.

Technical data may be transferred to entities providing hosting, S3-compatible object storage, email-delivery and push-notification infrastructure to the Controller. All recipients act on the basis of data-processing agreements. Data is not transferred to third countries outside the EEA without ensuring appropriate safeguards.

The User has the right to:

• access their data and obtain a copy - a full data export is available in "Profile" → "My data" (the "Download my data" button);
• request rectification of data - directly from the profile editor;
• deletion of data ("right to be forgotten") - the "Delete account" button in "My data"; deletion is irreversible;
• restriction of processing, data portability and the right to object;
• withdraw consent to specific notification channels at any time (the preferences matrix in the Profile);
• lodge a complaint with the President of the Personal Data Protection Office.

The Service uses only cookies and local storage strictly necessary for operation (e.g. session token, notification settings). We do not use third-party marketing or profiling cookies. The consent banner allows confirmation of acquaintance with the rules; non-acceptance does not restrict access to informational content of the Service.

Communication with the Service is over TLS. Passwords are not used - login relies on one-time email codes (OTP), optionally reinforced by a second factor (TOTP). Chat attachments are available exclusively via short-lived signed URLs (presigned URL).

The Controller may amend the Policy. The current version is always available at this page address; material changes will be communicated to the email address associated with the Account 14 days in advance.