privacy policy

PRIVACY POLICY

  1. This Privacy Policy governs the processing of personal data obtained through the stefankostrzeb. pl website (hereinafter referred to as the “Website”).
  2. .The owner of the site and at the same time the Data Administrator is Stefan Korzeb, hereinafter referred to as the Administrator, FIN TIME SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, email korzebstefan@gmail. com, address 3 Montażowa St. Warsaw 04-853 PL – Poland, telephone number +48. 502894180, VAT number 9522179793.
  3. Personal data collected by the Administrator through the Website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), also known as RODO.
  4. The Administrator takes special care to respect the privacy of Customers visiting the Website.
  • 1. Type of data processed, purposes and legal basis
  1. The controller collects information on natural persons who conclude a legal transaction not directly related to their activity, natural persons who carry out a commercial or professional activity on their own behalf, and natural persons who represent legal persons or organisational units that are not legal persons granted legal capacity by law to carry out a commercial or professional activity on their own behalf. practice, hereinafter referred to as the customer.
  2. The customer’s personal data is collected if:
    Use of the contact form service on the website to fulfill an electronically issued contract. Legal basis: Necessity for the performance of the contract for the provision of the service of the contact form (Art. 6 para. 1 lit. b GDPR)
  3. When using the contact form, the customer provides the following data:

– email address

– name

– phone number

4. When using the Website, additional information may be collected, in particular: the IP address assigned to the Customer’s computer or the external IP address of the Internet provider, domain name, browser type, access time, type of operating system.

5. Navigation data may also be collected from Customers, including information about the links and references they choose to click on or other actions they take on the Website. Legal basis – legitimate interest (Article 6(1)(f) RODO) to facilitate the use of electronically provided services and to improve the functionality of these services.

6. Submission of personal data to the Administrator is voluntary.

  • 2. To whom is the data shared or entrusted and how long is it kept?
  1. The Customer’s personal data is transferred to the service providers used by the Administrator in the operation of the Website. Service providers to whom personal data is transferred, depending on contractual arrangements and circumstances, are either subject to the Administrator’s instructions as to the purposes and means of processing such data (processors) or determine the purposes and means of processing themselves (controllers).

 1. 1 Processors. The Administrator uses suppliers who process personal data only at the Administrator’s direction. These include hosting providers, accounting services, marketing systems, systems for analyzing website traffic, systems for analyzing the effectiveness of marketing campaigns

1. 2. Administrators. The controller employs suppliers who do not act exclusively on instructions and determine the purposes and means of using the customer’s personal data. They offer electronic payment and banking services.

2. Location. The service providers are headquartered in Poland and other countries of the European Economic Area (EEA).

3.Customers’ personal data are stored:

3.1 If the basis for the processing of personal data is consent then the Customer’s personal data shall be processed by the Administrator as long as the consent is not revoked, and after revocation of consent for a period of time corresponding to the period of limitation of claims that the Administrator may raise and that may be raised against the Customer. Unless a special provision provides otherwise, the statute of limitations is six years, and for claims for periodic benefits and claims related to the conduct of business – three years.

3.2 In the event of a request, the Administrator provides personal data to authorized state authorities, in particular to organizational units of the Prosecutor’s Office, the Police, the President of the Office for Personal Data Protection, the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications.

  • 3. Cookie mechanism, IP address

1.The website uses small files called cookies. They are saved by the Administrator on the end device of the person visiting the Website, if the web browser allows it. A cookie file usually contains the name of the domain it comes from, its “expiration time” and an individual, randomly selected number identifying this file. Information collected using this type of files helps to adapt the products offered by the Administrator to individual preferences and actual needs of people visiting the Website.

2.The administrator uses two types of cookies:

2.1. Session cookies: after the browser session ends or the computer is turned off, the saved information is deleted from the device’s memory. The session cookie mechanism does not allow for downloading any personal data or any confidential information from Clients’ computers.

2.2. Persistent cookies: they are stored in the memory of the Customer’s end device and remain there until they are deleted or expire. The mechanism of persistent cookies does not allow downloading any personal data or any confidential information from the clients’ computer.

3.The administrator uses proprietary cookies for the following purposes:

 3.1. analysis and research, as well as audience auditing, and in particular to create anonymous statistics that help to understand how Customers use the Website, which allows to improve its structure and content.

4.The administrator uses external cookies for the following purposes:

4. 1. presenting on the information pages of the Site, a map indicating the location of the Administrator’s office, using the maps. google. com website (external cookie administrator: Google Inc. based in the USA)

5. The cookie mechanism is safe for the computers of the customers who visit the website. In particular, it is not possible to get viruses or other unwanted software or malware onto customers’ computers via this route. However, in their browsers, customers have the option to limit or disable access of cookies to computers. If you use this option, the use of the Website will be possible, except for functions that by their nature require cookies.

6. The Administrator may collect IP addresses of Customers. An IP address is a number assigned to the computer of a visitor to the Website by an Internet Service Provider. The IP number allows access to the Internet. In most cases, it is assigned to a computer dynamically, i. e. , it changes each time it connects to the Internet, and for this reason it is commonly treated as non-personal identifying information. The IP address is used by the Administrator to diagnose technical problems with the server, to create statistical analysis (e. g. determining from which regions we record the most visits), as information useful for administration and improvement of the Website, as well as for security purposes and possible identification of server-loading, unwanted automatic programs for browsing the content of the Website.

  • 4. Rights of data subjects

1.Right to revoke consent – legal basis: Article 7(3) of the RODO.

1.1 The customer shall have the right to withdraw any consent he/she has given

1.2Withdrawal of consent has effect from the moment of withdrawal of consent.

1.3Withdrawal of consent shall not affect the processing performed by the Administrator in accordance with the law before its withdrawal.

1.4 Withdrawal of consent shall not entail any negative consequences for the Customer, but may prevent further use of services or functionalities that, according to the law, the Administrator may provide only with consent.

2.The right to object to the processing of data – legal basis: article 21 RODO.

2.1 The Customer has the right at any time to object – for reasons related to his/her particular situation – to the processing of his/her personal data, including profiling, if the Administrator processes his/her data based on legitimate interests, such as marketing the Administrator’s products and services, keeping statistics on the use of particular functionalities of the Website and facilitating the use of the Website, as well as satisfaction surveys.

2. 2. If you opt out of receiving marketing communications about products or services via email, you object to the processing of your personal data, including profiling for these purposes.

2. 3. If the Customer’s objection proves to be justified, the Administrator does not have any other legal basis for the processing of personal data, the Customer’s personal data to which the Customer has objected will be deleted.

3.Right to erasure (“right to be forgotten”) – Legal basis: Art. 17 GDPR.

3. 1. The Customer has the right to request the deletion of all or some personal data.

3. 2. The Customer has the right to request the erasure of personal data if:

3. 2. 1. Personal data are no longer required for the purposes for which they were collected or processed

3. 2. 2. has revoked a specific consent, insofar as personal data have been processed on the basis of his consent

3. 2. 3. Objection to the use of your data for marketing purposes

3. 2. 4. Personal data are processed unlawfully

3. 2. 5. Personal data must be deleted in order to comply with a legal obligation under EU law or the law of the Member States to which the controller is subject

3. 2. 6. Personal data were collected in connection with the provision of information society services

3. 3. Despite the request for the erasure of personal data, in connection with an objection or revocation of consent, the controller may retain certain personal data to the extent that the processing is necessary for the establishment, exercise or defence of legal claims and for the fulfilment of a legal obligation which the processing is required under Union law or the law of the Member States, to which the controller is subject. This applies in particular to personal data such as: first name, last name, e-mail address, which are stored for the purpose of processing complaints and claims in connection with the use of the controller’s services, or additionally residential / postal address, order number, which are stored for the purpose of processing complaints and claims in connection with concluded sales contracts or services.

4.The right to restrict data processing – legal basis: article 18 RODO.

4.1The customer has the right to request restriction of processing of his personal data. The submission of a request, pending its processing, prevents the use of certain functionalities or services, the use of which will involve the processing of data covered by the request. The administrator will also not send any communications, including marketing.

4.2 The customer has the right to request a restriction on the use of personal data in the following cases:

4. 2. 1. when he or she questions the correctness of his or her personal data, in which case the Administrator restricts their use for the time necessary to verify the correctness of the data, but no longer than for 7 days

4. 2. 2. if the processing is unlawful and the customer requests the restriction of the use of the data instead of deletion

4. 2. 3. when the personal data is no longer necessary for the purposes for which it was collected or used but is needed by the Customer to establish, assert or defend claims

4. 2. 4. when he or she has objected to the use of his or her data, in which case the restriction shall be for the time necessary to consider whether, due to the particular situation, the protection of the Client’s interests, rights and freedoms outweighs the interests pursued by the Administrator in processing the Client’s personal data.

5.Right of access to data – legal basis: article 15 RODO.

5.1 The Customer has the right to obtain confirmation from the Administrator as to whether it is processing personal data, and if it is the case, the Customer has the right:

5. 1. 1. gain access to your personal data

5. 1. 2. obtain information about the purposes of processing, categories of personal data processed, recipients or categories of recipients of such data, the planned period of storage of the Customer’s data or the criteria for determining this period (when it is not possible to determine the planned period of data processing), the Customer’s rights under the RODO and the right to lodge a complaint to the supervisory authority, the source of such data, about automated decision-making, including profiling, and the safeguards applied in connection with the transfer of such data outside the European Union

5. 1. 3. obtain a copy of your personal data.

6.The right to rectify data – legal basis: article 16 of RODO.

6.1The customer shall have the right to request the Administrator to immediately rectify personal data concerning him/her that is incorrect. Taking into account the purposes of the processing, the Data Subject Customer has the right to request the completion of incomplete personal data, including by providing an additional statement, by directing the request to the e-mail address in accordance with §6 of the Privacy Policy.

7.Right to data portability – legal basis: article 20 RODO.

7. 1 The customer has the right to receive his/her personal data, which he/she provided to the Administrator, and then send it to another personal data controller of his/her choice. The customer also has the right to request that the personal data be sent by the Administrator directly to such an administrator, if technically possible. In such a case, the Administrator will send the Customer’s personal data in the form of a file in csv format, which is a commonly used, machine-readable format that allows sending the received data to another personal data controller.

8. In a situation where the Client has asserted an entitlement under the above rights, the Administrator shall either fulfill the request or refuse to do so immediately, but no later than one month after receiving it. However, if – due to the complexity of the request or the number of requests – the Administrator is not able to fulfill the request within one month, it will fulfill it within another two months informing the Client in advance – within one month of receiving the request – of the intended extension of the deadline and the reasons for it.

9. The Customer may submit complaints, inquiries and requests to the Administrator regarding the processing of his personal data and the exercise of his rights.
10.The customer has the right to lodge a complaint with the President of the Office for Personal Data Protection, with regard to violation of his/her data protection rights or other rights granted under the RODO.

  • 5. Changes to the Privacy Policy

1. The Privacy Policy is subject to change, of which the Administrator has no obligation to inform.

2. For questions related to the Privacy Policy, please contact: korzebstefan@gmail. com.

3. Date of last modification: 11. 02. 2022