Privacy Policy

Table of Contents

1. General Provisions
2. Basis of Data Processing
3. Purpose, Legal Basis and Duration of Data Processing on the Website
4. Recipients of the Data on the Website
5. Profiling on the Website
6. Rights of the Data Subjects
7. Website Cookies and Analytics
8. Final Provisions

1. General Provisions

This website privacy policy is for informational purposes only and does not create any obligations for website users. The privacy policy primarily sets out the principles for processing personal data by the website administrator, including the grounds, purposes, and duration of data processing, as well as the rights of data subjects. It also contains information about the use of cookies and analytics tools on the website.

2. Basis of Data Processing

The Administrator is entitled to process personal data in cases where – and to the extent that – at least one of the following conditions is met:

The data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes;
Processing is necessary to perform a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into the contract;
The processing is necessary to fulfil a legal obligation to which the controller is subject; or
Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

In any case, the processing of personal data by the Administrator requires the existence of at least one of the above-mentioned grounds. The specific grounds for data processing by the Administrator in relation to the website services are listed in the following section of the Privacy Policy – in relation to the specific purpose of processing personal data.

3. Purpose, Legal Basis and Duration of Data Processing on the Website

The purpose, legal basis, duration and recipients of personal data processed by the Administrator on the Website depend on the actions of the User on the Website.

The Administrator may process personal data on the Website for the following purposes, on the following legal bases and for the following periods:

Purpose of data processing	Legal basis for data processing	Data retention period
Conclusion and execution of a contract with the administrator	Article 6 (1) (b) GDPR (Contract)	The data will be stored for as long as necessary to execute, terminate or otherwise terminate the contract.
Direct marketing	Article 6 (1) (f) GDPR (legitimate interest of the Administrator)	The data will be stored for as long as the Administrator's legitimate interest exists, but not longer than the limitation period for the Administrator's claims against the data subject related to the Administrator's business activities. The limitation period is determined by legal provisions, in particular the Civil Code (the general limitation period for claims related to business activities is three years).
Marketing	Article 6 (1) (a) GDPR (consent)	The data will be stored until the data subject revokes his or her consent to further processing of his or her data for this purpose.
Keeping tax records	Article 6 (1) (c) GDPR (legal obligation) in conjunction with Article 86 § 1 of the Tax Code	The data will be stored for as long as required by the legal provisions for the retention of tax documents (until the expiry of the limitation period for tax obligations, unless tax law provides otherwise).
Establishment, enforcement or defense of claims	Article 6 (1) (f) GDPR (legitimate interest of the administrator)	The data will be stored for as long as the legitimate interest of the Administrator exists, but not longer than the limitation period for claims that may be asserted against the Administrator (the general limitation period for claims against the Administrator is six years).
Use of the website and ensuring its proper functioning	Article 6 (1) (f) GDPR (legitimate interest of the administrator)	The data will be stored for as long as the legitimate interest of the Administrator exists, but not longer than the limitation period for claims of the Administrator against the data subject related to the Administrator's business activities.
Creation of statistics and analysis of traffic on the website	Article 6 (1) (f) GDPR (legitimate interest of the administrator)	The data will be stored for as long as the legitimate interest of the Administrator exists, but not longer than the limitation period for claims of the Administrator against the data subject related to the Administrator's business activities.

4. Recipients of Data in the Internet Service

For the proper functioning of the website, including the proper provision of electronic services by the Administrator, it is necessary for the Administrator to use the services of external entities (such as software providers, payment service providers, etc.). The Administrator uses only the services of such processors that provide sufficient guarantees for the implementation of appropriate technical and organizational measures to ensure that processing complies with the requirements of the GDPR and protects the rights of data subjects.

Personal data may be transferred by the Administrator to a third country. In this case, the Administrator ensures that the transfer takes place to a country providing an adequate level of protection consistent with the GDPR. For other countries, the transfer takes place on the basis of the standard contractual clauses for data protection. The Administrator ensures that the data subject has access to a copy of their data. The Administrator transfers collected personal data only if and to the extent necessary to fulfill the specific purpose of data processing in accordance with this Privacy Policy.

The Administrator does not transfer data in every case and not to all recipients or categories of recipients specified in the privacy policy – the Administrator transfers data only if it is necessary to achieve the respective purpose of data processing and only to the extent necessary.

Personal data of users of the Internet service may be transmitted to the following recipients or categories of recipients:

Electronic payment or card payment service provider – In the case of a User who purchases paid services on the Website and uses electronic payments or card payments, the Administrator makes the collected personal data of the User available to a selected service provider that processes such payments on behalf of the Administrator, only to the extent necessary to process the payment.
Service providers providing the Administrator with technical, information and organizational solutions enabling the Administrator to run its business, including the Internet Service and electronic services provided through it (in particular, providers of software for operating the Internet Service, providers of email and hosting services, as well as providers of software for business management and technical support for the Administrator) – The Administrator makes collected personal data of the User available only to a selected service provider acting on behalf of the Administrator, and only to the extent necessary to achieve the specific purpose of data processing in accordance with this Privacy Policy.
Accounting, legal and consulting service providers providing accounting, legal or consulting support to the Administrator (in particular accounting offices, law firms or debt collection agencies) – The Administrator makes collected personal data of the User available only to a selected service provider acting on behalf of the Administrator and only to the extent necessary to achieve the respective purpose of data processing in accordance with this Privacy Policy.
Service providers for social plugins, scripts and similar tools that enable the browser of the visitor to the Internet service to download content from the providers of these plugins (e.g. to share content on a social profile) and in this context to transmit personal data of the visitor to these providers, including:
- Meta Platforms Ireland Limited – The Administrator uses Facebook social media plugins (e.g., the "Share" and "Like" buttons) on the Service's website and collects and transmits personal data of the User using these plugins on the Service's website to Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) to the extent and in accordance with the privacy policy available here.
- Twitter International Unlimited Company – The Administrator uses social media plugins from X (formerly Twitter) on the website of the Internet service and collects and transmits the personal data of the User who uses these plugins on the website of the Internet service to Twitter International Unlimited Company (1 Cumberland Place, Fenian Street, Dublin 2, Ireland) to the extent and in accordance with the privacy policy available here.

5. Profiling in the Internet Service

The GDPR requires the Controller to provide information about automated decisions, including profiling, pursuant to Article 22 (1) and (4) of the GDPR, including essential information on the principles underlying these decisions, as well as the significance and likely consequences of such processing for the data subject. With this in mind, the Controller provides information on possible profiling at this point in the Privacy Policy.

The Administrator may use profiling on the Service for direct marketing purposes, but decisions made on this basis do not affect the conclusion or refusal to conclude a contract with the Administrator or the possibility of using electronic services on the Service. The result of using profiling on the Service may be, for example, a reminder of uncompleted activities on the Service, sending an offer that may match a person's interests or preferences, providing a discount, or offering better conditions than the standard offer on the Service. Despite the profiling, the person concerned independently decides whether to accept, for example, the offer received in this way or the Administrator's discount.

Profiling on the Internet Service consists in the automated analysis or prediction of a person's behavior on the Internet Service's website, for example, by analyzing previous purchase history, pages viewed, or other activities performed on the Internet Service. This profiling requires the Administrator to have personal data of the person concerned in order to subsequently send them, for example, an offer.

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which legally concerns him or her or similarly significantly affects him or her.

6. Rights of the Data Subjects

Right to access, rectification, restriction, erasure, or portability – The data subject has the right to request access to their personal data from the controller, to rectify it, to erase it ("right to be forgotten"), or to restrict processing. They also have the right to object to processing and the right to data portability. The detailed conditions for exercising these rights are set out in Articles 15–21 of the General Data Protection Regulation (GDPR).
Right to withdraw consent at any time – A data subject whose data is processed by the Administrator on the basis of consent given (pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR) has the right to withdraw his or her consent at any time without affecting the lawfulness of processing carried out on the basis of that consent before its withdrawal.
Right to lodge a complaint with a supervisory authority – A data subject whose personal data is processed by the Controller has the right to lodge a complaint with a supervisory authority in the manner and according to the procedure established by the GDPR and Polish data protection law, in particular the Personal Data Protection Act. In Poland, the competent supervisory authority is the President of the Office for Personal Data Protection.
Right to object – A data subject has the right to object at any time to the processing of his or her personal data based on Article 6 (1) (e) (public interest or tasks carried out in the public interest) or (f) (legitimate interests of the controller) of the GDPR, including profiling based on these provisions. In such a case, the controller may not further process the data unless they can demonstrate compelling legitimate grounds that override the interests, rights, and freedoms of the data subject or that are necessary for the establishment, exercise, or defense of legal claims.
Right to object to direct marketing – Where personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of his or her personal data for these purposes, including profiling, with regard to such direct marketing.

In order to exercise the rights referred to in this point of the Privacy Policy, the data subject may contact the Administrator by sending an appropriate message in writing or by e-mail to the address indicated at the beginning of the Privacy Policy.

7. Cookies on the Website and Analytics

Cookies are small pieces of text sent from a server and stored on the device of the website visitor (e.g., on the hard drive of a computer, laptop, or smartphone memory card, depending on the device used). Detailed information on cookies and their history can be found, among other places, at: here.

The Administrator may provide a tool for simple and active cookie management on the website of the online service – available after the first visit to the website and after its closure, in the bottom corner of the page. Active management allows, among other things, to check which cookies are stored during the visit to the website, as well as to select and subsequently change the scope and purposes of using cookies for the visitor's device and identity. At the beginning of using the website, the visitor is asked to select the cookie settings. Subsequent changes are possible through the settings of the cookie management tool on the website.

Below, the Administrator provides a range of information regarding the use of cookies on the website of the online service, their types, purposes, and how to manage them, e.g., through the web browser settings and/or the cookie management tool on the website. The Administrator encourages the use of the cookie management tool available on the website, which allows for easy and active management of cookies during your visit to the website. If this tool is not available, the following information on managing cookies through the browser should be consulted.

By provider: own cookies (created by the administrator of the website of the online service) and third-party cookies (other than the administrator).
According to the storage period on the visitor's device: session cookies (stored until logging out of the online service or closing the web browser) and persistent cookies (stored for a certain time defined by the parameters of each cookie or until they are manually deleted).
By purpose: necessary cookies (enable the proper functioning of the Online Service website), functional/preferential cookies (enable the Online Service website to be customized to the visitor's preferences), analytical and performance cookies (collect information about the use of the Online Service website), marketing, advertising and social media cookies (collect information about the visitor of the Online Service website in order to display personalized advertising and perform other marketing activities, including on other websites outside the Online Service website, such as social media platforms or other pages of the same advertising network as the Online Service).

The Administrator may process data from cookies during the use of the website of the online service for the following specific purposes:

Identifying users logged in to the online service and displaying their login status (necessary cookies).
Storage of data from completed forms, surveys or login data for the online service (necessary and/or functional/preferential cookies).
Adapting the content of the online service's website to the user's individual preferences (e.g. regarding colors, font size, page layout) and optimizing the use of the online service's website (functional/preferential cookies).
Creation of anonymized statistics on the use of the online service website (analytical and performance cookies).
Displaying and presenting advertisements, limiting the frequency of displays and ignoring advertisements that the user does not want to see, measuring the effectiveness of advertising, as well as personalizing advertising, i.e. analyzing the behavior of users of the online service's website (e.g. repeated visits to certain pages, keywords, etc.) in order to create a profile and deliver advertising tailored to their likely interests, even when they visit other websites in the advertising network of Google Ireland Ltd. or Meta Platforms Ireland Ltd. (marketing, advertising and social media cookies).

It is possible to check which cookies are sent by the website of the online service, regardless of the web browser used, through tools such as those available on the websites: cookiemetrix.com or cookie-checker.com.

By default, most web browsers available on the market accept cookies. However, everyone has the option to specify the conditions for using cookies through their own web browser settings. This means, for example, that they can partially (e.g., temporarily) or completely exclude the storage of cookies – although this may affect some features of the online service.

Browser settings regarding cookies are important for consenting to the use of cookies by our online service – according to regulations, this consent can also be granted through browser settings. Detailed information on changing cookie settings and deleting cookies yourself in the most popular web browsers can be found in the help section of the web browser and on the following pages (simply click on the link):

The Administrator may use Google Analytics and Universal Analytics services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) on the Website of the Online Service. These services help the Administrator compile statistics and analyze traffic on the Website of the Online Service. The collected data is processed within these services to compile statistics useful in managing and analyzing traffic on the Website of the Online Service. These data are aggregated. When using these services on the Website of the Online Service, the Administrator collects data such as the sources and media through which visitors reach the Website, as well as their behavior on the Website, information about the devices and browsers they use to visit the page, IP addresses and domains, geographic data, as well as demographic data (age, gender) and interests.

It is possible to easily block the transfer of information about the activities on the website of the online service to Google Analytics - for this purpose, for example, you can install the browser add-on provided by Google Ireland Ltd., which is available here.

In connection with the possibility of the Administrator using advertising and analytical services provided by Google Ireland Ltd. on the website of the Online Service, the Administrator states that complete information on the processing of personal data of visitors to the website of the Online Service (including data stored in cookies) by Google Ireland Ltd. can be found in the privacy policy of Google services at the following address: Google Partner Sites

8. Final Provisions

The Website may contain links to other websites. The Administrator recommends that you read the privacy policy applicable there after visiting other websites. This Privacy Policy applies only to the Administrator's website.