- INSTANT DIGITAL ACCESS WORLDWIDE
Effective date: 17 April 2026. This page combines the Privacy & Cookie Policy and the Newsletter & Marketing Consent Terms of BV CAPITAL Sp. z o.o.
For the purposes of the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and the UK GDPR, the Data Controller is:
BV CAPITAL Sp. z o.o.
Plac Wolnica 13/10, 31-060 Kraków, Poland.
NIP 7792535920; REGON 521204363; KRS 0000953284.
For the purposes of California consumer-privacy law (CCPA/CPRA), BV CAPITAL Sp. z o.o. is a “business.” For the purposes of Canadian PIPEDA, the Company is an “organisation.” For the purposes of the Australian Privacy Act 1988 (Cth), the Company acts as an overseas recipient and complies with the Australian Privacy Principles (APPs) to the extent applicable.
Privacy contact: support@findyourflowpub.com | Postal: Plac Wolnica 13/10, 31-060 Kraków, Poland.
The Company has assessed its processing activities and has determined that appointment of a Data Protection Officer is not mandatory under Article 37 GDPR, because the Company’s core activities do not consist of large-scale processing of special-category data under Article 9 GDPR or large-scale systematic monitoring of data subjects. Privacy matters are handled internally by the Company’s management. Users may nonetheless contact the privacy contact above with any data-protection enquiry.
The Company collects and processes the following categories of personal data:
Note on financial data: the Company does not collect, store, or process full credit-card numbers or equivalent sensitive payment data. All such data is securely processed by the Merchant of Record (Lemon Squeezy) and, where applicable, by the upstream payment processors (e.g., Stripe, PayPal).
The Company processes personal data for the following purposes, on the legal bases indicated (Article 6 GDPR):
(a) Performance of a contract (Art. 6(1)(b) GDPR): to deliver purchased digital products, provide customer support, manage accounts, and fulfil the Terms.
(b) Legal obligation (Art. 6(1)(c) GDPR): to comply with tax, accounting, anti-money-laundering, and consumer-protection obligations (e.g., issuing and retaining invoices for the period required by Polish law).
(c) Consent (Art. 6(1)(a) GDPR): for direct-marketing emails (newsletter), for non-essential cookies and tracking (e.g., Meta Pixel, Google Analytics), and for any optional features. Consent may be withdrawn at any time with effect for the future.
(d) Legitimate interests (Art. 6(1)(f) GDPR): for website security, fraud prevention, debugging, aggregate analytics, handling complaints, and defending or exercising legal claims. The Company has carried out a balancing test and determined that its legitimate interests are not overridden by the rights and freedoms of data subjects.
The Company relies on the following categories of processors and third-party recipients:
Personal data may be transferred to, and processed in, countries outside the European Economic Area (EEA), including the United States. Such transfers are safeguarded by (i) an adequacy decision of the European Commission (for example, the EU-US Data Privacy Framework, and its UK Extension), and/or (ii) Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented where necessary by additional technical and organisational measures as recommended by the EDPB. Copies of the applicable safeguards are available on written request to support@findyourflowpub.com.
Personal data are retained only for as long as necessary to fulfil the purposes for which they were collected and to comply with legal retention obligations:
Subject to the conditions and limitations set out in the GDPR and the UK GDPR, Users have the right to:
Requests may be sent to support@findyourflowpub.com. The Company shall respond within one (1) month of receipt, extendable by two (2) further months where necessary, in accordance with Article 12(3) GDPR. The Company may request reasonable identity-verification information before acting on a request.
The Company does not carry out solely automated decision-making producing legal or similarly significant effects on Users within the meaning of Article 22 GDPR. Marketing segmentation based on cookies does not produce such effects.
In compliance with the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA/CPRA”), California residents possess the following rights:
(a) Right to Know / Access: to request disclosure of the categories and specific pieces of personal information collected, the categories of sources, the purposes, and the categories of third parties with whom the information is shared.
(b) Right to Delete: to request the deletion of personal information, subject to statutory exceptions.
(c) Right to Correct: to request correction of inaccurate personal information.
(d) Right to Limit Use of Sensitive Personal Information: where the Company processes sensitive personal information in scope of the CPRA.
(e) Right to Opt-Out of Sale or Sharing: the Company uses Meta Pixel, Google Analytics, and similar advertising technologies. These uses may constitute “sharing” for cross-context behavioural advertising under the CPRA. California residents have the right to opt out of such sharing via the cookie-consent banner (“Do Not Sell or Share My Personal Information”). The Company honours the Global Privacy Control (GPC) signal.
(f) Right to Non-Discrimination: the Company shall not discriminate against Users for exercising their privacy rights.
Verifiable consumer requests may be submitted by email to support@findyourflowpub.com. The Company will respond within 45 days, extendable by a further 45 days where reasonably necessary. Authorised agents may act on behalf of a consumer upon presentation of written authority and verification of the consumer’s identity. The Company does not “sell” personal data for monetary consideration within the meaning of the CCPA/CPRA.
For Users resident in Canada, the Company complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws (including Quebec’s Law 25, British Columbia’s PIPA, and Alberta’s PIPA). Canadian Users may (i) access their personal information, (ii) request correction of inaccuracies, (iii) withdraw consent, and (iv) file a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca) or with the applicable provincial authority.
For Users resident in Australia, the Company handles personal information in a manner consistent with the Australian Privacy Principles (APPs) set out in Schedule 1 to the Privacy Act 1988 (Cth) to the extent applicable. Australian Users may request access to and correction of their personal information, and may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
The Service is not directed to children. In line with the U.S. Children’s Online Privacy Protection Act (COPPA), the Company does not knowingly collect personal information from children under 13 years of age. If the Company becomes aware that it has collected personal information from a child under 13 without verifiable parental consent, it will delete such information without undue delay. Parents or guardians who believe that a child has provided personal information may contact support@findyourflowpub.com.
The Company implements appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, including TLS encryption in transit, encryption of credentials at rest, access controls, logging, least-privilege principles, and periodic review of processors’ security posture. In the event of a personal-data breach likely to result in a risk to the rights and freedoms of natural persons, the Company shall notify the competent supervisory authority (UODO) without undue delay and, where feasible, not later than 72 hours after becoming aware of it (Article 33 GDPR), and shall communicate the breach to affected Users where required under Article 34 GDPR.
The Company uses cookies and comparable technologies (pixels, SDKs, local storage) as follows:
A detailed and up-to-date cookie list — including provider, cookie name, purpose, and retention — is available on the website via the cookie-preferences centre. Consent is obtained via a compliant cookie consent banner (conformant with the EDPB Guidelines 03/2022 and the ePrivacy Directive). Non-essential cookies are blocked until the User gives explicit, granular consent; consent may be withdrawn at any time through the cookie-preferences centre.
The Company may update this Privacy and Cookie Policy from time to time. The “Effective Date” at the top of this document will be updated accordingly. Where changes are material, Users will be notified by email (if subscribed) or by a prominent notice on the Service.
These Newsletter and Marketing Consent Terms govern the Company’s email-marketing and promotional communications and apply in addition to the Terms and Conditions and this Privacy and Cookie Policy.
Marketing emails are sent on the basis of the User’s prior, freely given, specific, informed, and unambiguous consent under Article 6(1)(a) and Article 7 of the GDPR, Article 13 of ePrivacy Directive 2002/58/EC, Article 172 of the Polish Electronic Communications Act, the UK PECR, the U.S. CAN-SPAM Act, the Canadian Anti-Spam Legislation (CASL), and analogous rules.
Subscription uses a double opt-in procedure: after submitting the subscription form, the User receives a confirmation email with an activation link. Marketing emails are only sent once the link has been clicked. Until confirmation, no marketing email is dispatched (other than the confirmation itself).
The newsletter may contain: (a) educational content and tips related to the topics of the Service; (b) product announcements, launches, and promotional offers; (c) access to free resources and lead magnets; (d) case studies and testimonials. Frequency is typically up to four (4) emails per month; actual frequency may vary.
The User may withdraw consent at any time with effect for the future. Every marketing email contains a one-click unsubscribe link. The User may also send a withdrawal request to support@findyourflowpub.com. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.
For newsletter purposes, the Company processes the User’s email address, first name (where provided), subscription date and source, IP address at subscription, consent confirmation, and engagement metadata (open, click, bounce, unsubscribe). These data are processed by MailerLite as processor and retained until withdrawal of consent plus a short suppression period to honour the unsubscribe.
Basic profiling may be carried out to segment audiences (e.g., by engagement level or product interest) in order to send more relevant content. This profiling does not produce legal or similarly significant effects within the meaning of Article 22 GDPR.
— End of Privacy Policy page. Last updated: 17 April 2026. —