At QA Madness, we value your privacy. This Privacy Policy defines the rules for the processing of personal data received through the website https://scan.qamadness.com/ (the “Service” or “Website”).
QA MADNESS Sp. z o.o. is the owner of the Service and the controller of the personal data collected within the Service (“we”, “Company”), with headquarters in Warsaw (02-326), Poland, 151 Aleje Jerozolimskie, Office 10.
Personal data collected by the Company through the Website are processed in accordance with the GDPR, also known as Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016, on the protection of individuals with respect to the processing of personal data, the free movement of such data, and on repealing Directive 95/46/EC, as well as other applicable privacy laws relevant at the time of processing, including Act of May 10, 2018, “Regarding the protection of personal data”.
We developed this Privacy Policy to inform you (“you” or “Customer”) how your personal data may be processed. We tried to write this Privacy Policy in clear and plain language for your better understanding. By doing so, we hope you will get all the needed details to be assured your personal data is safe with us.
This Privacy Policy defines:
- what personal data we process;
- what are the purposes of such processing;
- what rights the Customer has concerning such data;
- whether the data is transferred to third parties;
- what measures we take to protect personal data;
- as well as other details of personal data processing.
This Privacy Policy is an integral part of our Terms of Use. Please make sure you read them carefully. In case of any discrepancies between our Terms of Use and the Privacy Policy, the Privacy Policy shall prevail.
What is Personal Data?
Personal data is any information relating to you that alone or in combination with other pieces of information allows the person who collects and processes such information to identify you as an individual. In general, these could be your name, an identification number, email address etc. Personal data could also include such technical information as IP addresses, IMEI, both static and dynamic, browser, and system information.
Personal data processing means any action with it, for example, collection, recording, organising, structuring, storage, use, disclosure by any means, and so on.
Other terms used in this Privacy Policy have the same meaning as in our Terms of Use and the applicable law.
What Data Do We Collect?
The categories of personal data are set out in separate subsections according to the type of data collected. Please be aware that we do not purposely collect and process any of your sensitive information (like your health information, data about your religious beliefs, racial or ethnic origin etc.).
We collect information about individual users, individuals conducting their own business (sole traders), and employees or representatives of legal entities who use our automated scanning and testing tools.
We ask you not to provide us with excessive personal data, including the personal data of any third parties, or sensitive data.
| Type of data | Description |
|---|---|
| Account data |
When you create an account in the Service, we collect:
Failure to provide this data prevents registration and access to the Service. |
| Scan Data | To provide our Services, we process technical data related to your requests, including target URLs, the website’s HTML structure and metadata. This also includes accessibility audit results, error logs, scan history for pages or domains, and any AI-generated explanations or custom reports created within your dashboard. Scan Data does not typically constitute personal data, unless it contains information that can identify an individual. |
| Billing & Transaction Data |
When subscribing to a subscription plan, you provide:
We also store information about your active subscription plan and scan limits. |
| Data related to your requests |
If you contact our support or use the “Contact us” link on the pricing page:
|
| Automated collection (cookies) |
Using cookies, we collect:
|
| Marketing & Communications Data | Based on your consent, we collect your name and email address to send you information about the Full Accessibility Audit service, newsletters, and other marketing updates. |
How We Collect Your Personal Data?
We collect personal data about you from different sources. For instance, we collect and obtain information:
| Types of sources | Personal data collected |
|---|---|
| Directly from you |
We collect personal information from you when you choose to provide it, such as when you:
|
| Created by us |
We create and store information automatically when you use our tools, such as:
|
| From third parties (e.g. our service providers) | As you use payment providers (such as Stripe) for payments, we obtain information related to your purchase confirmation such as Transaction ID, Receipts, and subscription status (active/expired). We do not receive your card number or CVV. |
| Using Online Tracking Technologies | When you visit our Website and interact with the Service, we or third parties (like analytics providers) automatically collect certain information such as IP addresses, browser type, device identifiers, and session time using cookies. For detailed information on our use of cookies and similar tracking technologies, please see our Cookie Policy. |
Lawful Basis and Purposes of Processing Your Data
| Type of data | Purposes of Processing Your Data | Lawful Basis |
|---|---|---|
| Account data | To provide access to the Account and manage your dashboard. | Necessity to perform the contract, namely to provide access to the account in order to place orders and make purchases |
| Scan Data | To perform accessibility scans and generate reports. | Necessity to perform the contract. |
| Billing & Transaction Data | To process payments and handle subscriptions. | Necessity to perform the contract and compliance with legal (tax) obligations. |
| Scan history, interaction logs | To improve Service functionality, including AI-powered explanations. | Legitimate interest in delivering better automated remediation advice. |
| IP address, Account data | To ensure security and manage free scan limits. | Legitimate interest to prevent Service abuse and fraud. |
| Email, Request data | To send technical notices or response to your inquiries. | Necessity to perform the contract or Legitimate interest (customer support). |
| Marketing & Communications Data | To send you newsletters, promotional offers, and information regarding the Full Accessibility Audit service. | Consent. |
| Professional Contact Data (B2B) | To contact you regarding the Service, including onboarding, technical support, and service-related updates. | Legitimate interest in maintaining business relationships and ensuring effective service. |
We may also process some of your data on the basis of our legitimate interest:
The legitimate interest is the legal basis for the processing when we store your personal data after you delete your account. In such cases, the legitimate interest consists in avoiding risks of the loss of the data within our systems in case you want to restore your account.
In order to determine, investigate and enforce claims, to prevent or investigate possible wrongdoing, some personal data you provide may be processed as part of using the functionality in the Website, such as: name, surname, data on the use of the Website, if the claims result from the manner in which you use the Website, other data necessary to prove the existence of the claim, including the extent of the damage suffered. The legitimate interest lies in the establishing, pursuing and enforcing claims and defending against claims in proceedings before courts and other state authorities.
In order to pursue our legitimate interest in ensuring the security of data, we also make backups of your personal data collected through the Website.
Additionally, we may process some categories of your data (limited only to what is mentioned in the “What Data Do We Collect?” section of this Policy):
- to comply with our legal obligations;
- to protect your vital interests or vital interests of another natural person;
- to perform a task carried out in the public interest or in the exercise of official authority vested in us;
- to support core business functions, including to maintain records related to business process management, loss and fraud prevention;
- for the purposes of the legitimate interests pursued by us or by a third party (e.g. to prevent or investigate possible wrongdoing in connection with the Website or to protect ourselves, our subcontractors, partners and affiliates against legal liability).
In B2B relations, we may contact you regarding the Service, including onboarding, support, and service-related updates, based on our legitimate interest. This includes essential communications required to ensure that your organization can effectively utilize the purchased Services.
If we decide to change the purposes of processing specified above, we will inform you of such changes prior to the use of your personal data within the newly set purposes. Where applicable, you will have to provide your consent for the amended purposes.
Please note that we do not sell your data or make any decisions based solely on automated processing that may produce legal or similar significant effects.
How Long Do We Store Your Data?
| The legal basis for the processing | The justification for the processing |
|---|---|
| Your consent | We will process your data as long as the consent is not revoked, and after revoking the consent for a period of limitation of claims that may be raised by the Company or against it. |
| Performance of the contract | We will process your data as long as it is necessary to perform the contract, and after that time for a period of limitation of claims. |
| Legitimate interest | We will process your data until you object to processing, and after that time for a period of limitation of claims. |
We review the data retention periods to determine whether some categories can be deleted earlier or needed to be kept. The periods of data processing may be extended if the processing is necessary to establish and pursue any claims or defend against claims, and after that time only if and to the extent required by law. After the end of the processing period, the data is irreversibly deleted or anonymized.
Granting Access to Third Parties
We do not sell your personal data to third parties. However, to provide quality services and support various functions of our Website, we may hire people, and work with service providers and marketing providers. For these reasons, some of your personal data may be transferred to these persons.
In all cases, we comply with the requirements of data protection legislation and make every effort to ensure that data processing is secure at all stages. Our subcontractors and any other third parties will provide equal protection of user data as stated in this Privacy Policy. Depending on contractual arrangements and circumstances, they shall comply with the instructions of the Company as to the purposes and methods of processing these data (processors) or independently define their processing purposes and methods (administrators).
To achieve the purposes of data processing, we may provide your data to the following persons:
- Processors connected to the Website functioning: these include, among others, providers of hosting services, marketing systems (sending marketing messages and show you targeted advertising), systems for analysing traffic in our Website, systems for analysing the effectiveness of marketing campaigns.
- Controllers such as payment and banking services: the Company uses suppliers who do not act solely on the instructions and set the goals and methods of using your personal data by themselves. They provide electronic payment and banking services.
In the event of a request from the Company provides personal data to authorised state authorities, in particular to organisational units of the prosecutor’s office, the police, or the respective data protection agency. This is done only to the extent required by law.
Since some of your data may be transferred to third parties outside the EEA, we could also transfer such data on the basis of the standard contractual clauses signed with the respective third parties, if the country of transfer (like Ukraine) is not subject to the adequacy decisions of the European Commission. You may request the copy of such instruments via contact details provided in this Privacy Policy.
Your Data Processing Rights
To exercise your rights listed below, you can send a request to the Company to hello@qamadness.com. In order to properly protect your data, the Company may take additional measures to identify you when processing your request.
We will provide you with a response to your request no later than 1 (one) month from the date of its receipt, except as provided by law. If there is a valid reason, this term can be extended for another 2 (two) months, and we will inform you about such extension and the reasons in advance. Whenever we cannot execute your request, we will promptly inform you, in writing on the matters of such a decision, and the following steps from our side.
Thereby, you have the following rights:
| Right | Description |
|---|---|
| Right of access to personal data (to be informed) |
By publishing this Privacy Policy and our Terms of Use, we are enabling your right to be aware of:
To execute your right, you are welcomed to contact us. |
| Right to rectify or erase data about yourself |
You are able to control your own data. Thus, you can request reasonable corrections to inaccurate data, or you can erase the data about your identity. Your request may be restricted once the process of the data rectification or erasure will take disproportionate efforts from us. However, you may not request to change your data if such data is processed for statistical purposes. You may also independently delete your account together with the personal data associated with it by using the account settings available in the service. Hence, you are welcomed to reach us anytime. In case of disability to perform your request, we will reach you back with a reasonable explanation. |
| Right to object to the collection and processing of personal data |
To exercise this right, you have to submit the objection to us in writing. Upon receipt of such objection, we shall immediately stop the collection and processing of your personal data. Hence, the execution of this right is not applicable in cases where the collection and processing of personal data is mandatory in accordance with the law. Still, your right to object is absolute if we process your data on the basis of legitimate interest, for instance when we send you marketing emails. If you object, and we do not have any other legal basis for the processing of personal data, we will delete your personal data, the processing of which has been objected to. |
| Right to withdraw consent to the processing of personal data |
You can withdraw your consent to the processing of your personal data at any time (where the consent is the legal basis for our processing). In this case, we must stop processing, i.e., destroy or delete your personal data and notify you of the results. However, there may be exceptions to the execution of this right. For example, if the law requires the Company to retain this data, or when it is necessary for the protection in litigation, or when the Company has other grounds for the processing, we will not be able to satisfy your request. |
| Right to restriction of processing |
You may ask to “block” or prevent future use of your data while we evaluate your request to erase your data. If processing of your data is limited, we continue to store them, but are not able to use them. We maintain a list of data subjects who have requested to limit processing of their data to ensure that this limitation is respected. Please note that we may refuse or restrict your right to limitation of processing as long as it constitutes a necessary and proportionate measure to:
In such cases, we will inform you, in writing and without undue delay, of the reasons for refusal or limitation of this right. |
| Right to know about us making decisions based solely on automated processing (including profiling) and object to it | You have the right to know the mechanism of automatic processing of personal data and the right to protection against an automated decision that has legal consequences for you. We don’t make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you. |
| Right to file a complaint about the processing of your personal data | If you have not obtained satisfaction in the exercising of your rights or the way to exercise them, you may file a complaint with the data protection authority or to the court and apply legal remedies in case of violating the data protection laws. You may also demand payment of moral and material damage. |
Security of Personal Data
We take appropriate security measures to protect your personal data from accidental loss or destruction, from unlawful processing or access to it.
| Type of measures | Description |
|---|---|
| Confidentiality | All personnel are subject to full confidentiality, and any subcontractors and sub-processors are required to sign a confidentiality agreement if full confidentiality is not a part of the main agreement between the parties. Also, any access by authorised personnel is logged. We use verified contractors that might have access to the data as specified in this Privacy Policy and with whom relevant data processing agreements are concluded. Moreover, we guide and train our personnel to process your data securely. |
| Isolation | Access to personal data is restricted to individually authorised personnel. Authorised personnel are granted minimum access on a need-to-have basis. |
| Account protection |
The Company provides Customers with a secure and encrypted connection when transferring personal data and logging in to the account on the Website. In the event that the Customer who has a Customer’s Account in the Website has lost any access password, the Website allows you to generate a new password. The Company does not send a password reminder. The password is stored in the database in an encrypted form in a way that prevents its reading. In order to generate a new password, please provide your email address in the form available under the link “Remind password”, provided next to the account login form in the Website. |
| Internal Policies and Procedures | All the employees and contractors are obliged to obey the internal security policy with respect to the processing of personal data. Such policy provides for organisation, physical, and technical security measures and, for such purpose, takes into account the nature, scope, context and purposes of the processing, as well as the risks posed to the rights and freedoms of data subjects. |
Disclaimer. While taking the necessary steps to secure your data, we have no choice but to admit that no method of transmission over the Internet or method of electronic storage is 100% secure. If it happens that any of your personal data is under the breach and if there is a high risk of violating your rights as a data subject, we would inform you and the respective data protection authorities as to the accidents without undue delay. We will also do our best to minimise any such risks.
Changes to this Privacy Policy
We may amend or update this Privacy Policy from time to time. If we decide to do so, and the amendments will substantially affect your rights and legitimate interests, we will notify you of any changes via email. We will also indicate the “Latest Revised Date” at the top of this Privacy Policy.
Contact Information
If you have any questions about this Privacy Policy, our Terms of Use, or your data we process, you are welcome to contact us:
QA MADNESS Sp. z o.o.
151 Aleje Jerozolimskie, Office 10,
Warsaw, Poland
National Court Register (KRS): 0000989034
Email: hello@qamadness.com