The administrator of the website is Tomasz Huczek, Nowy Świat 7a/1, 32-020 Wieliczka, Poland, NIP (Tax Identification Number): 5492253464.
Abbreviated version – key Information
We care about your privacy and value your time. That is why we have prepared a short version of the most important rules related to privacy protection.
- By placing an order, filing a complaint, withdrawing from a contract, subscribing to a newsletter, writing a comment or simply contacting us, you provide us with information about you that includes your personal data. We guarantee that your data remain confidential, secure and will not be made available to any third party without your explicit consent.
- We entrust the processing of personal data only to verified and trusted entities providing services related to the processing of personal data.
- We use Google Analytics tools that collect information about your visits to the website such as the subpages that you have viewed, the time you spent on the website or the transitions between individual subpages. For this purpose, Google LLC cookies are used for the Google Analytics service.
- In order to target advertisements for you, we use marketing tools such as Facebook Pixel. It involves the use of Facebook cookies. In cookie settings you can decide whether you agree or not to enable us to use Facebook Pixel in your case.
- We use Disqus comments system. It involves the use of Disqus Inc. cookies.
If the above information is not enough for you, you will find further details below.
The administrator of your personal data, in accordance with the Act on the Protection of Personal Data is Tomasz Huczek, Nowy Świat 7a/1, 32-020 Wieliczka, Poland, NIP (Tax Identification Number): 5492253464.
Purposes, legal bases and specified period of the personal data processing are described separately for each purpose of the data processing (see the provisions below for a detailed description of the different purposes of the data processing).
Rights of the data subject. GDPR grants you the following potential rights related to the processing of your personal data:
- right of access to your personal data,
- right to rectification of your personal data,
- right to erasure of your personal data,
- right to restriction of processing of your personal data,
- right to object to processing of your personal data,
- right to data portability,
- right to lodge a complaint to the supervisory authority,
- right to withdraw consent for the processing of personal data, if such consent has been previously given.
The above mentioned rights can be exercised in accordance with the regulations described in art. 16 – 21 of the GDPR. We encourage you to read these regulations. It is necessary to explain that the above mentioned rights are not absolute and you are not entitled to all of them when the processing of your personal data are concerned. For your convenience, we have made every effort to indicate the rights to which you are entitled as part of the description of individual data processing procedures.
We emphasize that you always have one of the rights indicated above – shall you decide that during the processing of personal data we have violated the provision concerning the protection of personal data, you have the opportunity to lodge a complaint with the supervisory authority (President of the Office for Personal Data Protection).
Security of processing. We guarantee the confidentiality of any personal data made available to us. We ensure that all security measures and personal data protection required by provisions of the Act on the Protection of personal data are taken. The data are collected with due diligence and adequately protected against access by unauthorized persons.
Records of processing activities. We entrust the processing of personal data to the following entities:
- Zenbox Sp. Z o.o.(LLC), ul. Dąbrowskiego 7, 42-200 Częstochowa, Poland – for the purpose of storing personal data on the server,
- Rocket Science Group // 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 – for the purpose of using the MailChimp mailing system for the newsletter.
- Paddle.com Market Limited, 15 Briery Close, Great Oakley, Corby, Northamptonshire, NN18 8JG, United Kingdom – for the purpose of using invoicing system which processes your personal data when we issue an invoice,
- Paddle Payments Limited, Core B, Block 71, The Plaza, Park West, Dublin 12, Ireland – for the purpose of processing payments.
All entities entrusted with the processing of personal data guarantee the use of adequate security measures and personal data protection required by law.
As part of using the MailChimp system, the data are transferred to the USA as the data processed within the MailChimp system are stored on servers located in the USA. There is no need for concern. Provider of the MailChimp system has joined Privacy Shield program and ensures adequate level of personal data protection. Details can be found here: https://kb.mailchimp.com/accounts/management/about-the-general-data-protection-regulation.
Purposes of the processing.
Orders. When placing an order, you must provide data necessary to complete the order such as name, mailing address, e-mail address, phone number. Data provision is voluntary, but necessary for placing the order.
The data provided in the order are processed for the purpose of executing the order (art. 6 paragraph 1, point b of the GDPR), issuing an invoice (art. 6 paragraph 1, point c of the GDPR), including invoices in our accounting documentation as well as for archival and statistic purposes (art. 6 paragraph 1, point f of the GDPR).
The data provided in the order are processed as part of WordPress system with the WooCommerce plug-in and stored on a server provided by Zenbox SP. Z o.o. (LLC). What is more, the data are transferred to the MailChimp system and are stored on a server provided by the system provider.
Each order is documented with an invoice. Invoices are issued using the wFirma system and are stored on a server provided by Web INnovative Software Sp. Z o.o. (LLC). The invoice is forwarded to the accounting office Elipsa.
Orders’ data shall be processed in the time necessary to execute the order and then until the expiry of the limitation period for claims under the contract. In addition, upon the lapse of that period, the data may still be processed for statistical purposes. Please, keep in mind that we are under obligation to store invoices containing your personal data for a period of 5 years from the end of the tax year in which the tax obligation occurred.
In the case of orders’ data, the data are not subject to rectification after the order has been executed. You also cannot object to the processing of data and require erasure of the data until the expiry of the limitation period for claims under the contract. Likewise, you cannot object to the processing of data and request erasure of the data contained in the invoices. After the expiry of the limitation period for claims under the contract, you have the right to object to processing of personal data for statistic purposes, as well as to request erasure of your data from our database.
In relation to the orders’ data, you also have the right to transfer the data referred to in art. 20 of the GDPR.
Newsletter. If you want to subscribe to the newsletter you have to provide your e-mail address by filling in the subscription form.
The data provided during newsletter subscription are processed in order to send you the newsletter. The legal basis for the processing of data is your consent (art. 6 paragraph 1, point a of the GDPR) given when subscribing to the newsletter.
The data are processed as part of the MailChimp mailing system and stored on a server provided by the provider of this system.
The data are processed in the database of the mailing system for the duration of the newsletter, unless you unsubscribe, which will cause deletion of the data from the database.
The data stored in the newsletter database are subject to rectification at any time. You can also request erasure of the data by unsubscribing. You also have the right to transfer the data referred to in art. 20 of the GDPR.
Complaints and withdrawal from the contract. If you submit a complaint or withdraw from the contract, you provide us with the personal data contained in the content of the complaint or a statement of withdrawal, which should include your name, address, telephone number, e-mail address, bank account number.
The data provided to us in connection with the submission of the complaint or declaration of withdrawal from the contract are used to implement the complaint procedure or the withdrawal procedure (art. 6 paragraph 1, point c of the GDPR).
The data will be processed in the time necessary to carry out the complaint procedure or the withdrawal procedure. Complaints and declaration of withdrawal from the contract may also be archived for statistic purposes.
The data contained in complaints and declarations of withdrawal from the contract are not subject to rectification. You also cannot object to the processing of data and require erasure of the data until the expiry of the limitation period for claims under the contract. After the expiry of the limitation period for claims under the contract, you have the right to object to processing of personal data for statistic purposes, as well as to request erasure of your data from our database.
E-mail contact. By contacting us through e-mail, as well as sending inquiries through the contact form, you provide us with your e-mail address which shall be associated with the sender. What is more, in the message you can include other personal information.
In this case, your data are processed in order to contact you. The basis for processing the data is art. 6 paragraph 1, point a of the GDPR, or your consent resulting from initiating contact with us. The legal basis for processing the data after the end of the contact is a justified purpose that is archiving correspondence for internal needs (art. 6 paragraph 1, point c of the GDPR).
The content of the correspondence may be archived and we cannot precisely determine when it will be deleted. You have the right to request a history of the correspondence that you carried out with us (if it was subject to archiving), as well as request its deletion, unless its archiving is justified by our overriding interests, e.g. protection against potential claims on your part.
Comments. To add a comment you use your Disqus account. The comment is public.
The data contained in the comment are processed for publication on the blog based on your consent resulting from the posting of the comment (art. 6 paragraph 1, point a of the GDPR).
Comments are stored directly on the servers of the Disqus system provider. The Disqus system provider is an independent administrator of your personal data.
Comments will be available on the blog as long as the blog functions. You can delete your comment at any time using the Disqus system feature.
Cookies and tracking technologies
Cookies are small pieces of text information stored on your end device (computer, tablet, smartphone) that can be read by our ICT system.
Cookies can be divided into first-party cookies and third-party cookies.
More details can be found below.
First-party cookies. We use first-party cookies in order to ensure proper functionality of the website, in particular the ordering process and logging into user’s account.
Third-party cookies Our website, like most of today’s websites, uses functions provided by third parties which involve the use of third-party cookies. The use of these types of files is described below.
- Facebook – https://www.facebook.com/legal/FB_Work_Privacy,
- Instagram – https://help.instagram.com/519522125107875?helpref=page_content,
- Twitter – https://twitter.com/en/privacy,
- Google – (https://policies.google.com/privacy?hl=pl,
- LinkedIN – https://www.linkedin.com/legal/privacy-policy.
Use of the Website involves sending queries to the server on which the Website is hosted. Each query sent to the server is stored in server logs.
Logs include User’s IP address, server date and time, browser and operating system information. Logs are saved and stored on the server.
Data stored in the server logs is not associated with specific entities using the Website and is not used by the Administrator to identify any User.
Server logs are stored solely for the purposes of administration of the Website. Their content is not revealed to any other entity beside persons authorized to administer the server.