Privacy Policy 

Privacy Policy

1. Introduction

This Privacy Policy sets out the rules for the processing and protection of personal data provided by Users and Cookies, as well as other technologies appearing on the website (“Website”). It is’s policy to respect Users privacy regarding any information that may be collected from Users across website, The administrator of this Website and personal data provided under this Website is a natural person, Katarzyna Ciupa (“Administrator”)

Please bear in mind, that providing personal data, as well as consent to their processing, are voluntary. However, failure to provide certain information, as a rule marked on the Administrator’s pages as mandatory, will be associated with the inability to perform the service and achieve a specific purpose or take specific actions.

Providing by the User of data that is not mandatory or excess data that the Administrator does not need to process is based on the User’s decision (consent). The User gives consent to the processing of this data and to anonymize the data that the Administrator does not require and does not want to process, and yet the User has provided it to the Administrator.

The Administrator reserves the right to make changes to the privacy policy, and every User of the site is obliged to know the current privacy policy. The reason for the changes may be the development of internet technology, changes in generally applicable law or the development of the Website, e.g. through the use of new tools by the Administrator. At the bottom of the page is the date of publication of the current Privacy Policy.

This Privacy Policy applies only to Administrator’s online activities and is valid for Users to Administrator’s website. This policy is not applicable to any information collected offline or via channels other than this Website.

If Users have any questions or concerns regarding privacy policy on the website, Users can email: [email protected]

By using this Website (incl. blog), you hereby consent to Administrator’s Privacy Policy and agree to its terms.

2. The Administrator of personal data

Katarzyna (Kasia) Ciupa, Zamość, Poland, email: [email protected] is the administrator of personal data (“Administrator”) on the website at https// (“Website”). Users can contact Administrator by email: [email protected]

3. What data does Administrator collect?

When Administrator refers to “personal data”, Administrator means information about an individual from which that person can be identified. This does not include data where the individual’s identity has been removed.

Administrator may collect, use, store and transfer the following type of data:

Contact Data User’s full name (name and surname), email address
Technical Data Information about how User uses Website (e.g. URL), User’s internet protocol (IP) address, operating system and platform, browser type and version, time zone setting, location data, preferred language, information on how long User visits each page, which links User chooses to click, unique device identifiers, cookie data and other identifying information required for User’s device to communicate with this Website.
Marketing and Communications Data User’s preferences in receiving marketing as well as User’s preferred form of communication.

Administrator will not necessarily collect all of the above data about Users. For example, if User is merely visiting the Website then Administrator will usually just collect Technical Data about User and User’s device. Administrator does not process any “special categories” of personal data about Users (i.e. information about User’s race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).

Administrator tries to be sure that the personal data Administrator holds about Users is accurate, and so please get in touch with Administrator if your personal data changes so Administrator can update the records. You can contact Administrator by email: [email protected]

4. How does Administrator collect data?

Administrator collects personal data about User from a number of different sources depending on who User is and what personal data it is. Administrator collects personal data:

  • From User directly: when User contacts Administrator using the “Contact Form” provided on this Website, when User signs up to receive the newsletter and offers, and corresponds with Administrator by post, phone, email, through social media, or otherwise.
  • From User’s device: when User accesses this Website.

This Website  uses cookies to automatically collect data, including personal data, in order to help Administrator improve future functionality and to distinguish particular User from other Users. For more information about the cookies which Administrator uses on this Website, what data they collect and how to block them, please see below the section of this document dedicated to cookies.

5. How does Administrator use User’s personal data?

 The User’s personal data on the Administrator’s Website may be processed for the following purposes and on the following legal grounds:

– purpose: for performance of the service, sending an offer (e.g. advertising) at the User’s request, legal ground: necessity to conclude and / or perform a contract or take action on request (art. 6 clause 1 lit. b GDPR);

– purpose: for granting a discount or informing about promotions and interesting offers of the Administrator or entities recommended by him, legal ground: consent (art. 6 clause 1 lit. a GDPR);

– purpose: for contacting User in matters related to the service, legal ground: necessity to conclude and / or perform a contract or take action on request (art. 6 clause 1 lit. b GDPR);

– purpose: for contacting User to present the offer and direct marketing, legal ground: consent, (art. 6 clause 1 lit. a GDPR);

– purpose: for creating registers related to the GDPR and other regulations, legal ground: obligation arising from legal provisions (art. 6 clause 1 lit. c GDPR) and legitimate interest of the administrator (art. 6 clause 1 lit. f GDPR)

– purpose: for archival and evidence-based, for the purpose of securing information that can be used to prove facts, legal ground: legitimate interest of the administrator (art. 6 clause 1 lit. f GDPR)

– purpose: for analytical, consisting, inter alia, of analyzing data collected automatically when using the Website, including cookies e.g. Google Analytics cookies, legal ground: legitimate interest of the administrator (art. 6 clause 1 lit. f GDPR);

– purpose: for the use of cookies on the Website and its subpages, legal ground: consent (art. 6 clause 1 lit. a GDPR);

– purpose: for managing the Website; legal ground: legitimate interest of the administrator (art. 6 clause 1 lit. f GDPR);

– purpose: for satisfaction surveys on services offered, legal ground: legitimate interest of the administrator (art. 6 clause 1 lit. f GDPR);

– purpose: for placing by the User opinions on services provided by the Administrator and opinion polls through surveys, legal ground: consent (art. 6 clause 1 lit. a GDPR);

– purpose: for the Administrator’s internal administrative purposes related to managing contact with the User, which is the legitimate interest of the Data Administrator, legal ground: legitimate interest of the administrator (art. 6 clause 1 lit. f GDPR);

– purpose: in order to send the newsletter, legal ground: legitimate interest of the administrator consisting in the processing of data for direct marketing purposes (art. 6 clause 1 lit. f GDPR) and consent (on the basis of the Act on the provision of electronic services)

– purpose: in order to adapt the content displayed on the Administrator’s websites to individual needs and to constantly improve the quality of services offered, legal ground: legitimate interest of the administrator (art. 6 clause 1 lit. f GDPR);

– purpose: for direct marketing directed to the User own products or services or recommended products of third parties, legal ground: legitimate interest of the administrator (art. 6 clause 1 lit. f GDPR);

– purpose: in order to create User’s own databases, legal ground: legitimate interest of the administrator (art. 6 clause 1 lit. f GDPR);

– purpose: to operate a fanpage on Facebook under the name Kasia Ciupa , an account on the Instagram portal under the name Kasia Ciupa, account on the Linkedin portal under the name Katarzyna Ciupa, and interacting with users of these places on social media, legal ground: legitimate interest of the administrator (art. 6 clause 1 lit. f GDPR);

– purpose: for commenting on blog entries on the Website; legal ground: consent (art. 6 clause 1 lit. a GDPR);

Administrator may process User’s personal data for more than one lawful ground depending on the specific purpose for which Administrator is using User’s data. The purpose, scope and categories of recipients of data processed by Administrator  will result from actions taken by User each time as part of using this Website.

If Administrator needs to process your personal data for a different purpose that is not compatible with the original purpose, then Administrator will let you know. Please note that Administrator  may also process your personal data for a different purpose than listed above and without your consent where it is necessary for Administrator to comply with Administrator’s legal obligations.

6. How does Administrator stores your data and how does Administrator keeps your data safe?

The User’s personal data is stored and protected with due diligence, in accordance with the Administrator’s internal procedures implemented. The Administrator processes information about the User using appropriate technical and organizational measures that meet the requirements of generally applicable law, in particular the provisions on personal data protection and prevent loss and theft, as well as unauthorized access, disclosure, copying, use or modification.

At the same time, the User should exercise diligence in securing his personal data transferred as part of the Internet, in particular not disclosing his login data to third parties, use anti-virus security and update the software.

7. How User can opt out of marketing

Administrator only directly market to User by email ((incl. newsletter) where it is legally allowed, for example where User has consented and did not chose to opt out. When directly marketing (incl. newsletter) to User Administrator may use a combination of the data Administrator holds about User to form a view on what Administrator thinks User would be interested in.

Administrator only wants to market to those who actually want to hear from Administrator. User can ask Administrator to stop sending User marketing messages (incl. newsletter) at any time by:

  • Selecting the opt-out link on any marketing message sent to User; or
  • Emailing  [email protected] with User’s request

If the User has agreed to a specific action, such consent may be withdrawn at any time, which will result in deleting the email address from the Administrator’s mailing list and ceasing the indicated actions. Withdrawal of consent does not affect the processing of data that was made on the basis of consent before its withdrawal.

8. Who is User’s data shared with?

User data may be processed by the Administrator’s subcontractors – these are the entities whose services the Administrator uses in the performance of his duties. Administrator may share Users personal data with the following third parties for the purpose set out in the table above:

  • Marketing, communications, advertising, public relations suppliers and analytics companies, including Google Analytics.
  • Contractors who help Administrator to provide you with services, such as IT, cloud, telecommunications, security, mailing, client relationship management and system administration services.

User’s data may be transferred outside of the European Union to third countries. If this happens, they will be transferred only to recipients who have entered into the Privacy Shield agreement or to those who guarantee the highest protection and security of data. This guarantees the appropriate level of protection of personal data required by European regulations.

Link to the list of entities that have joined the “Privacy Shield”: Detailed information is available in the content of the privacy policy of each of the providers of these services, available on their websites. User should always read the privacy policies of these providers in order to receive current information on the protection of personal data.

9. How long does Administrator keeps User’s data for?

Administrator stores User’s personal data for different periods of time depending upon the purposes for which Administrator collected it and Administrator does not store User’s personal data for longer than is necessary to fulfil these purposes. As a result, User’s personal data will be processed for the period necessary to achieve the purposes for which the data are processed or until an objection is lodged, if the basis for processing is the legitimate interest of the Administrator or withdrawal of consent, if the basis for processing is consent. Later, the Administrator will store them until any claims expire or until the obligation to store data resulting from legal provisions expires.

10. What rights does User have?

Administrator  would like to make sure User is fully aware of all of User’s data protection rights. Every User is entitled to the following:

  • The right to withdraw consent
  • The right of access
  • The right to erasure
  • The right to rectification
  • The right to data portability
  • The right to object
  • Notification of data breaches
  • The right to lodge a complaint with a supervisory authority

In order to exercise the rights, please contact the Administrator by e-mail address: [email protected] indicating the scope of the requests. The answer will be given not later than 30 days from the day of receipt of the request and its justification

11. What are cookies?

A cookie is a small file of letters and numbers that is sent from a website and stored in a user’s internet browser or their hard drive at the same time as the user is browsing that website. Cookies can be used by websites to make a user’s experience more efficient.

Cookies cannot transmit viruses and similarly they cannot install malware onto your computer, however they can be used for tracking purposes and as such are a privacy concern to some users.

For further information, visit

12. The basis for using cookies

Cookies are used with User’s consent. User’s consent is expressed through appropriate software settings, in particular an internet browser, installed on the telecommunications device User uses to view the content on the Website.

13. How does this Website uses cookies?

Website uses cookies. The main purpose of the Administrator’s use of cookies is to manage the Website and improve the quality of its content. Cookies are necessary for the proper display and operation of the Website. The Administrator may process the data contained in cookies  also for the purpose of conducting anonymous statistics and analyzes showing how User uses the Website, the average duration of a visit to the Website. Cookies are not used to determine the identity of Website Users. You consent to Administrator’s cookies if you continue to use this Website.

14. What types of cookies are used on the site?

The Website uses the following types of cookies:

  • session cookies, which are automatically deleted after closing the web browser;
  • persistent cookies that are stored on your device for a specified period of time; storage of these files is not dependent on closing the browser;
  • own cookies that are set by the Website;
  • third party cookies set by other websites such as (i) Facebook conversion pixel – to manage Facebook ads and carry out remarketing activities, which is the Administrator’s legitimate interest, (ii) Google Analytics (iii) social media plugins (np. Facebook, Instagram, LinkedIn, Twitter) – see below, (iv) content from portals and websites of external suppliers such as Youtube, Vimeo, SlideShare, (v) affiliate links and partner programs, (vi) Disques – system for leaving comments on this Website (to be implemented soon).

Google Analytics is used to analyse Websites statistics. Google Analytics uses its own cookies to analyze the actions and behavior of Website Users. These files are used to store information, e.g. from which page the User came to the current website. They help improve the Website. Actions taken as part of using the Google Analytics code are based on the Administrator’s legitimate interest in creating and using statistics, which then allows improving the Administrator’s services and optimizing the Website. As part of using the Google Analytics tool, the Administrator does not process any User data enabling its identification.

The Website uses social media plugins provided by Facebook, Instagram, LinkedIn and Twitter. By displaying the Website, your browser establishes a direct connection with the servers of the above administrators social networking sites. Thanks to this, social network administrators receive information that this Website has been displayed. Information about the display of the Website along with the IP address is sent to the servers of the administrators of social networking sites.

The Administrator may embed content on the Website from portals, websites, blogs and other websites of external entities  such as videos from You Tube or Vimeo.These third parties may save certain data about content played by the User.

The Administrator’s Website may contain affiliate links to specific products or services of third parties. This is a way of monetizing the content on the Website, and made available in principle free of charge. Clicking on the link will not cause any fees on the User’s side. If User goes to the website of an external entity by clicking the affiliate link and buy the product, Administrator may be awarded a commission. By using the Website, you agree to the use of cookies in this regard.

The Administrator plans to use Disqus which is a system for leaving comments on this Website.

Disqus leaves cookies on the Administrator’s website and can also later use them for their own marketing purposes.

Detailed information about the purpose and scope of collecting this data and their processing can be found in the privacy policies of the administrators of the abovementioned service providers and external tools. Administrator recommends that User should each time, read the privacy policy of individual service providers and external tools.

15. How to manage cookies?

Most browsers accept cookies by default. User can at any time withdraw or change the scope of previously expressed consent to the use of cookies on the Website and delete them from User’s browser. User can at any time limit or disable cookies in User’s browser by such settings so that it blocks cookies or warns User before saving the cookie file on the device User uses. In this case, however, it may happen that User will not have access to some content on this Website, and in extreme cases the correct display of this Website may be completely blocked.

16. Servers LOGs

Using the Website involves sending queries to the server on which the website is stored. Each query directed to the server is saved in the server’s logs. Logs include, among others User’s IP address, server date and time, information about the web browser and operating system User is using. Logs are saved and stored on the server. The data saved in the server logs are not associated with specific people using the site and are not used by Administrator to identify Users. Server logs are only auxiliary material used to administer the website, and their content is not disclosed to anyone except persons authorized to administer the server.

17. Privacy policies of other websites

This website contains links to other websites that are not operated by the Administrator.  If User clicks on a third party link, User will be directed to that third party’s site. Unless that third party is processing User’s personal data on Administrator’s behalf, Administrator is not responsible for the privacy policies or practices of such a third party. Administrator strongly advise User to review the Privacy Policy of every website User visit. Administrator has no control over, and assume no responsibility for the content, privacy policies or practices of any third party websites or services.

18. Changes to this privacy policy

Administrator reserves the right to update this policy to reflect any changes to the way in which Administrator collects, processes or shares User’s personal data, or to reflect any legal requirements. When Administrator makes any changes, Administrator will upload the new version of privacy policy on this Website. The new version will take effect as soon as it is uploaded.

19. How to contact Administrator?

If you have any questions about Administrator’s privacy policy, the data Administrator holds on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact Administrator by sending an email at: [email protected]

This policy is effective as of 7 May 2020.

Warsaw, Poland

Next Level Value strategist

Kasia Ciupa