Privacy policy (GDPR / RODO)

Informational translation. The legally binding text is the Polish version at kreditano.pl/polityka-prywatnosci. Where Polish law uses RODO, this English text uses „GDPR" interchangeably.

This Privacy Policy is drafted under Regulation (EU) 2016/679 (GDPR, in Polish: RODO) and the Polish Personal Data Protection Act of 10 May 2018.

Data controller

The controller of your personal data is Westend Consulting Ltd („Kreditano"), with registered office at THE CORE, Triq il-Wied ta' l-Imsida, Msida, MSD 9021, Malta. For data matters, write to contact [at] kreditano [dot] com.

What data we collect

We collect identification and contact data (first name, last name, email and — optionally — phone) when you fill in the application form or sign up for alerts. We also collect data about the financial product you're searching for (amount, term, type). While you browse the site, we collect technical and navigation data (IP address, device and browser type, cookie identifiers) for operational and statistical purposes.

Sensitive data

Kreditano does not collect or process special category data (GDPR art. 9). Please don't send this kind of information through the site.

Purposes and legal basis

Primary purposes (basis: GDPR art. 6(1)(b) — performance of a contract or steps at the data subject's request): showing the comparison, handling the request, forwarding the application to the financial institution you picked.

Secondary purposes (basis: GDPR art. 6(1)(f) — controller's legitimate interest): statistical analysis, service improvement, informational communication. You can object to the secondary purposes by writing to contact [at] kreditano [dot] com, without it affecting access to the main service.

Marketing communication (basis: GDPR art. 6(1)(a) — consent): sending alerts about new offers and the Kreditano newsletter, only after your explicit, voluntary consent. You can withdraw consent at any time.

Recipients of data

To forward your application to the financial institution you picked, we may share the data you provided with that institution or with a business partner — for the sole purpose of handling your request. We don't sell your data to third parties.

Cookies and tracking technologies

We split cookies into three categories. The first one runs always, because without it the form simply won't work. You turn the other two on or off in the consent banner. Your choice, not ours.

Functional (always active). kr_vid: anonymous session identifier, valid 365 days, first party (kreditano.pl). Keeps the wizard state so you don't start over after a refresh. kr_consent: your decision from the banner, also 365 days. Without these two the site stops working properly.

Analytics (you enable in the banner). PostHog (eu.i.posthog.com): product analytics, identifiers ph_*, up to 12 months. We check where people get stuck in the comparison. First party, data lands on EU servers.

Marketing (separate consent). Google Ads (_gcl_*, gclid): campaign attribution and conversion measurement, up to 90 days. Loaded only if you tick „marketing" in the banner. If you leave it off, no pixel is loaded.

Cloudflare Turnstile protects the lead form from bots and does not set marketing or analytics cookies — it's a browser challenge, not a tracker.

Ahrefs Web Analytics is cookieless, so it runs even if you decline analytics consent. It counts unique visitors without identifying them.

You can change your mind at any time. Clear kr_consent in your browser (DevTools → Application → Cookies), or write to contact [at] kreditano [dot] com, and the banner will appear again.

Your rights (GDPR)

Under GDPR you have the right to: access your data (art. 15), correct it (art. 16), erase it (art. 17), restrict processing (art. 18), data portability (art. 20), object (art. 21) and withdraw consent (art. 7(3)). To exercise these rights, write to contact [at] kreditano [dot] com — give us your first and last name and the right you want to use.

You also have the right to lodge a complaint with the supervisory authority — in Poland that is the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warszawa.

Retention and security

We retain data only for the period needed to fulfil the purposes described and any legal obligations. We use reasonable technical and organisational measures to protect it from unauthorised access, loss and disclosure.

Changes to the Privacy Policy

We may update this Policy. The binding version is available at kreditano.pl/polityka-prywatnosci with the date of the latest update.

Last updated: June 2026.