Please bear in mind, that providing personal data, as well as consent to their processing, are voluntary. However, failure to provide certain information, as a rule marked on the Administrator’s pages as mandatory, will be associated with the inability to perform the service and achieve a specific purpose or take specific actions.
Providing by the User of data that is not mandatory or excess data that the Administrator does not need to process is based on the User’s decision (consent). The User gives consent to the processing of this data and to anonymize the data that the Administrator does not require and does not want to process, and yet the User has provided it to the Administrator.
3. What data does Administrator collect?
When Administrator refers to “personal data”, Administrator means information about an individual from which that person can be identified. This does not include data where the individual’s identity has been removed.
Administrator may collect, use, store and transfer the following type of data:
|Contact Data||User’s full name (name and surname), email address|
|Technical Data||Information about how User uses Website (e.g. URL), User’s internet protocol (IP) address, operating system and platform, browser type and version, time zone setting, location data, preferred language, information on how long User visits each page, which links User chooses to click, unique device identifiers, cookie data and other identifying information required for User’s device to communicate with this Website.|
|Marketing and Communications Data||User’s preferences in receiving marketing as well as User’s preferred form of communication.|
Administrator will not necessarily collect all of the above data about Users. For example, if User is merely visiting the Website then Administrator will usually just collect Technical Data about User and User’s device. Administrator does not process any “special categories” of personal data about Users (i.e. information about User’s race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).
Administrator tries to be sure that the personal data Administrator holds about Users is accurate, and so please get in touch with Administrator if your personal data changes so Administrator can update the records. You can contact Administrator by email: [email protected]
4. How does Administrator collect data?
Administrator collects personal data about User from a number of different sources depending on who User is and what personal data it is. Administrator collects personal data:
- From User directly: when User contacts Administrator using the “Contact Form” provided on this Website, when User signs up to receive the newsletter and offers, and corresponds with Administrator by post, phone, email, through social media, or otherwise.
- From User’s device: when User accesses this Website.
5. How does Administrator use User’s personal data?
The User’s personal data on the Administrator’s Website may be processed for the following purposes and on the following legal grounds:
– purpose: for performance of the service, sending an offer (e.g. advertising) at the User’s request, legal ground: necessity to conclude and / or perform a contract or take action on request (art. 6 clause 1 lit. b GDPR);
– purpose: for granting a discount or informing about promotions and interesting offers of the Administrator or entities recommended by him, legal ground: consent (art. 6 clause 1 lit. a GDPR);
– purpose: for contacting User in matters related to the service, legal ground: necessity to conclude and / or perform a contract or take action on request (art. 6 clause 1 lit. b GDPR);
– purpose: for contacting User to present the offer and direct marketing, legal ground: consent, (art. 6 clause 1 lit. a GDPR);
– purpose: for creating registers related to the GDPR and other regulations, legal ground: obligation arising from legal provisions (art. 6 clause 1 lit. c GDPR) and legitimate interest of the administrator (art. 6 clause 1 lit. f GDPR)
– purpose: for archival and evidence-based, for the purpose of securing information that can be used to prove facts, legal ground: legitimate interest of the administrator (art. 6 clause 1 lit. f GDPR)
– purpose: for analytical, consisting, inter alia, of analyzing data collected automatically when using the Website, including cookies e.g. Google Analytics cookies, legal ground: legitimate interest of the administrator (art. 6 clause 1 lit. f GDPR);
– purpose: for managing the Website; legal ground: legitimate interest of the administrator (art. 6 clause 1 lit. f GDPR);
– purpose: for satisfaction surveys on services offered, legal ground: legitimate interest of the administrator (art. 6 clause 1 lit. f GDPR);
– purpose: for placing by the User opinions on services provided by the Administrator and opinion polls through surveys, legal ground: consent (art. 6 clause 1 lit. a GDPR);
– purpose: for the Administrator’s internal administrative purposes related to managing contact with the User, which is the legitimate interest of the Data Administrator, legal ground: legitimate interest of the administrator (art. 6 clause 1 lit. f GDPR);
– purpose: in order to send the newsletter, legal ground: legitimate interest of the administrator consisting in the processing of data for direct marketing purposes (art. 6 clause 1 lit. f GDPR) and consent (on the basis of the Act on the provision of electronic services)
– purpose: in order to adapt the content displayed on the Administrator’s websites to individual needs and to constantly improve the quality of services offered, legal ground: legitimate interest of the administrator (art. 6 clause 1 lit. f GDPR);
– purpose: for direct marketing directed to the User own products or services or recommended products of third parties, legal ground: legitimate interest of the administrator (art. 6 clause 1 lit. f GDPR);
– purpose: in order to create User’s own databases, legal ground: legitimate interest of the administrator (art. 6 clause 1 lit. f GDPR);
– purpose: to operate a fanpage on Facebook under the name Kasia Ciupa , an account on the Instagram portal under the name Kasia Ciupa, account on the Linkedin portal under the name Katarzyna Ciupa, and interacting with users of these places on social media, legal ground: legitimate interest of the administrator (art. 6 clause 1 lit. f GDPR);
– purpose: for commenting on blog entries on the Website; legal ground: consent (art. 6 clause 1 lit. a GDPR);
Administrator may process User’s personal data for more than one lawful ground depending on the specific purpose for which Administrator is using User’s data. The purpose, scope and categories of recipients of data processed by Administrator will result from actions taken by User each time as part of using this Website.
If Administrator needs to process your personal data for a different purpose that is not compatible with the original purpose, then Administrator will let you know. Please note that Administrator may also process your personal data for a different purpose than listed above and without your consent where it is necessary for Administrator to comply with Administrator’s legal obligations.
6. How does Administrator stores your data and how does Administrator keeps your data safe?
The User’s personal data is stored and protected with due diligence, in accordance with the Administrator’s internal procedures implemented. The Administrator processes information about the User using appropriate technical and organizational measures that meet the requirements of generally applicable law, in particular the provisions on personal data protection and prevent loss and theft, as well as unauthorized access, disclosure, copying, use or modification.
At the same time, the User should exercise diligence in securing his personal data transferred as part of the Internet, in particular not disclosing his login data to third parties, use anti-virus security and update the software.
7. How User can opt out of marketing
Administrator only directly market to User by email ((incl. newsletter) where it is legally allowed, for example where User has consented and did not chose to opt out. When directly marketing (incl. newsletter) to User Administrator may use a combination of the data Administrator holds about User to form a view on what Administrator thinks User would be interested in.
Administrator only wants to market to those who actually want to hear from Administrator. User can ask Administrator to stop sending User marketing messages (incl. newsletter) at any time by:
- Selecting the opt-out link on any marketing message sent to User; or
- Emailing [email protected] with User’s request
If the User has agreed to a specific action, such consent may be withdrawn at any time, which will result in deleting the email address from the Administrator’s mailing list and ceasing the indicated actions. Withdrawal of consent does not affect the processing of data that was made on the basis of consent before its withdrawal.
8. Who is User’s data shared with?
User data may be processed by the Administrator’s subcontractors – these are the entities whose services the Administrator uses in the performance of his duties. Administrator may share Users personal data with the following third parties for the purpose set out in the table above:
- Marketing, communications, advertising, public relations suppliers and analytics companies, including Google Analytics.
- Contractors who help Administrator to provide you with services, such as IT, cloud, telecommunications, security, mailing, client relationship management and system administration services.
User’s data may be transferred outside of the European Union to third countries. If this happens, they will be transferred only to recipients who have entered into the Privacy Shield agreement or to those who guarantee the highest protection and security of data. This guarantees the appropriate level of protection of personal data required by European regulations.
9. How long does Administrator keeps User’s data for?
Administrator stores User’s personal data for different periods of time depending upon the purposes for which Administrator collected it and Administrator does not store User’s personal data for longer than is necessary to fulfil these purposes. As a result, User’s personal data will be processed for the period necessary to achieve the purposes for which the data are processed or until an objection is lodged, if the basis for processing is the legitimate interest of the Administrator or withdrawal of consent, if the basis for processing is consent. Later, the Administrator will store them until any claims expire or until the obligation to store data resulting from legal provisions expires.
10. What rights does User have?
Administrator would like to make sure User is fully aware of all of User’s data protection rights. Every User is entitled to the following:
- The right to withdraw consent
- The right of access
- The right to erasure
- The right to rectification
- The right to data portability
- The right to object
- Notification of data breaches
- The right to lodge a complaint with a supervisory authority
In order to exercise the rights, please contact the Administrator by e-mail address: [email protected] indicating the scope of the requests. The answer will be given not later than 30 days from the day of receipt of the request and its justification
11. What are cookies?
A cookie is a small file of letters and numbers that is sent from a website and stored in a user’s internet browser or their hard drive at the same time as the user is browsing that website. Cookies can be used by websites to make a user’s experience more efficient.
Cookies cannot transmit viruses and similarly they cannot install malware onto your computer, however they can be used for tracking purposes and as such are a privacy concern to some users.
For further information, visit allaboutcookies.org.
12. The basis for using cookies
Cookies are used with User’s consent. User’s consent is expressed through appropriate software settings, in particular an internet browser, installed on the telecommunications device User uses to view the content on the Website.
14. What types of cookies are used on the site?
The Website uses the following types of cookies:
- session cookies, which are automatically deleted after closing the web browser;
- persistent cookies that are stored on your device for a specified period of time; storage of these files is not dependent on closing the browser;
- own cookies that are set by the Website;
- third party cookies set by other websites such as (i) Facebook conversion pixel – to manage Facebook ads and carry out remarketing activities, which is the Administrator’s legitimate interest, (ii) Google Analytics (iii) social media plugins (np. Facebook, Instagram, LinkedIn, Twitter) – see below, (iv) content from portals and websites of external suppliers such as Youtube, Vimeo, SlideShare, (v) affiliate links and partner programs, (vi) Disques – system for leaving comments on this Website (to be implemented soon).
Google Analytics is used to analyse Websites statistics. Google Analytics uses its own cookies to analyze the actions and behavior of Website Users. These files are used to store information, e.g. from which page the User came to the current website. They help improve the Website. Actions taken as part of using the Google Analytics code are based on the Administrator’s legitimate interest in creating and using statistics, which then allows improving the Administrator’s services and optimizing the Website. As part of using the Google Analytics tool, the Administrator does not process any User data enabling its identification.
The Website uses social media plugins provided by Facebook, Instagram, LinkedIn and Twitter. By displaying the Website, your browser establishes a direct connection with the servers of the above administrators social networking sites. Thanks to this, social network administrators receive information that this Website has been displayed. Information about the display of the Website along with the IP address is sent to the servers of the administrators of social networking sites.
The Administrator may embed content on the Website from portals, websites, blogs and other websites of external entities such as videos from You Tube or Vimeo.These third parties may save certain data about content played by the User.
The Administrator plans to use Disqus which is a system for leaving comments on this Website.
Disqus leaves cookies on the Administrator’s website and can also later use them for their own marketing purposes.
15. How to manage cookies?
16. Servers LOGs
Using the Website involves sending queries to the server on which the website is stored. Each query directed to the server is saved in the server’s logs. Logs include, among others User’s IP address, server date and time, information about the web browser and operating system User is using. Logs are saved and stored on the server. The data saved in the server logs are not associated with specific people using the site and are not used by Administrator to identify Users. Server logs are only auxiliary material used to administer the website, and their content is not disclosed to anyone except persons authorized to administer the server.
17. Privacy policies of other websites
19. How to contact Administrator?
This policy is effective as of 7 May 2020.