Privacy & Cookie Policy
Last updated: March 22, 2026
1. Introduction
The protection of your personal data is important to us. Please read this Privacy and Cookie Policy carefully before using the https://mmrlab.net website (the "Service") operated by Anton Lazhechnikau MMRLAB.
This Policy is governed by:
- Regulation (EU) 2016/679 — General Data Protection Regulation (GDPR / RODO)
- The Polish Personal Data Protection Act of May 10, 2018 (Ustawa o ochronie danych osobowych)
- The Polish Telecommunications Law Act (Prawo telekomunikacyjne) — regarding cookies
2. Data Controller
- Legal Name: Anton Lazhechnikau MMRLAB
- NIP: 8393264207
- REGON: 544280314
- Registered Address: ul. Klonowa 7/29, 76-200 Slupsk, Poland
- Contact Email: [email protected]
3. Data Processors (Third Parties)
We share personal data with the following processors, who act under data processing agreements:
- Stripe Payments Europe Limited (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) — payment processing, fraud prevention. Stripe processes data in accordance with PCI DSS and their Privacy Policy.
- PayPal (Europe) S.a r.l. et Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg) — payment processing. PayPal processes data in accordance with their Privacy Policy.
- CryptoCloud — cryptocurrency payment processing. CryptoCloud processes transaction data (amounts, order identifiers, wallet addresses) in accordance with their Privacy Policy.
- Cloudflare, Inc. (101 Townsend St, San Francisco, CA, USA) — CDN, DDoS protection, and security services. Cloudflare processes traffic data (IP addresses, request headers) as part of content delivery. Data transfers to the USA are covered by the EU-US Data Privacy Framework. See Cloudflare Privacy Policy.
- Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland) — Microsoft Clarity for website analytics (session recordings, heatmaps, click/scroll data, device information). Data may be transferred to the USA under the EU-US Data Privacy Framework. See Microsoft Privacy Statement. Clarity is activated only after you provide cookie consent.
- Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany) — hosting and infrastructure. Data is stored within the EU.
- Google LLC — Google OAuth for sign-in. Data transfers to the USA are protected by Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework.
4. Personal Data We Collect
| Data | Purpose | Legal Basis | Retention |
|---|
| Name, email address |
Account creation, contract performance, communication |
GDPR Art. 6(1)(b) — contract |
Duration of account + 5 years |
| Billing data (name, address) |
Invoicing, tax compliance |
GDPR Art. 6(1)(c) — legal obligation |
5 years (Polish tax law) |
| IP address, browser data |
Security, fraud prevention, technical operations |
GDPR Art. 6(1)(f) — legitimate interest |
12 months |
| Payment data (card number, PayPal email, wallet address) |
Payment processing |
GDPR Art. 6(1)(b) — contract |
Handled by Stripe / PayPal / CryptoCloud directly; not stored by MMRLAB |
| Steam ID, game data |
Service delivery, matching with coaches |
GDPR Art. 6(1)(b) — contract |
Duration of account + 5 years |
| Chat messages (Telegram, on-site chat) |
Customer support |
GDPR Art. 6(1)(f) — legitimate interest |
12 months |
| Usage data (clicks, scrolls, session recordings) |
Website improvement, UX analytics (Microsoft Clarity) |
GDPR Art. 6(1)(a) — consent |
13 months |
Payment card details (card number, CVV, expiry) are transmitted directly to Stripe or PayPal. MMRLAB does not process or store full payment card data on its servers.
5. International Data Transfers
Some of our processors are located outside the European Economic Area (EEA):
- Google LLC (USA) — protected by SCCs and the EU-US Data Privacy Framework.
- Cloudflare, Inc. (USA) — protected by the EU-US Data Privacy Framework.
- Microsoft (USA) — protected by the EU-US Data Privacy Framework.
Our hosting (Hetzner) and primary payment processing (Stripe) infrastructure is located within the EU.
6. Cookie Policy
Our website uses the following types of cookies:
- Strictly necessary cookies — required for the website to function (session, authentication, language preference). Cannot be disabled. Legal basis: GDPR Art. 6(1)(f) — legitimate interest.
- Analytics cookies (Microsoft Clarity) — help us understand how visitors use the site through session recordings, heatmaps, and usage statistics. These cookies are only set after you give consent via the cookie banner. Legal basis: GDPR Art. 6(1)(a) — consent.
- Third-party cookies (Stripe, PayPal) — set by payment processors during checkout for secure payment processing and fraud prevention.
You can withdraw your cookie consent at any time by clicking the cookie settings link in the footer or by clearing cookies in your browser settings. Disabling strictly necessary cookies may affect the functionality of the website.
7. Your Rights Under GDPR
As a data subject, you have the right to:
- Access — request a copy of your personal data.
- Rectification — request correction of inaccurate data.
- Erasure — request deletion of your data ("right to be forgotten").
- Restriction — request limitation of processing.
- Portability — receive your data in a machine-readable format.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — at any time, without affecting prior processing.
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- SSL/TLS encryption for all data in transit
- Industry-standard cryptographic hashing for password storage
- AES-256 encryption for sensitive account credentials
- Regular security updates and monitoring
- Access controls and audit logging
9. Supervisory Authority
If you believe that our processing of your personal data violates data protection laws, you have the right to lodge a complaint with the Polish supervisory authority:
- Name: Urzad Ochrony Danych Osobowych (UODO)
- Address: ul. Stawki 2, 00-193 Warszawa, Poland
- Website: https://uodo.gov.pl/
10. Changes to This Policy
We may update this Policy from time to time. Material changes will be communicated via the Service. The "Last updated" date at the top reflects the most recent revision.