PRIVACY POLICY
Dear Customer/User
We care about your privacy and want you to feel comfortable and safe when using our services, which is why we have prepared a document from which you will obtain detailed information regarding the processing of your personal data.
Table of contents:
Introduction
General information
Recipients of personal data of the Website
Acquisition, collection, purpose, scope and activities of processing personal data
Rights of data subjects
Cookie mechanism, operational data and analytics
Final provisions
1
Introduction
This Privacy Policy defines the principles of processing and protecting personal data of Users and Customers of the Website (including potential Customers) using the Website available at the Internet address: [czerka.pl], hereinafter referred to as the Website. The document describes primarily the basis, purposes, scope of processing personal data, indicates the entities to which the data is entrusted, and also contains information on cookies and analytical tools used within the Website.
The controller of personal data collected via the Website, within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) of 27 April 2016 (OJ EU. L No. 119, p. 1), hereinafter referred to as GDPR, is [Jarosław Czerka], conducting business activity under the name [Trade Institute Coaching & Consulting Jarosław Czerka], entered in the Central Register and Information on Business Activity, with the address of the place of principal business and address for correspondence: [Stolema 49/15, 80-177 Gdańsk NIP: 5831763111, REGON: 220853175, contact telephone number: 507000300], e-mail address: [kontakt@czerka.pl], hereinafter referred to as the Administrator and at the same time the Service Provider of the Website.
The Personal Data Protection Officer appointed by the Administrator is: [Jarosław Czerka], contact with the Inspector is possible at the telephone number: [507000300] and/or by e-mail at the address: [kontakt@czerka.pl]
The personal data of Users are processed in accordance with the provisions on the protection of personal data and the Act of 18 July 2002 on the provision of services by electronic means (Journal of Laws No. 144, item 1204, as amended).
The Personal Data Administrator declares that the Privacy Policy serves an informative role, which means that it is not a source of obligations for Users and Customers of the Website. Its purpose is to define the actions taken by the Administrator and to describe the services, tools and functionalities related to the Website, which are used by Customers of the Website in order to use the contact form or other actions taken within the Website.
2
General information
The Website Administrator makes every effort to protect the privacy of the Website Users and Customers and all data and information that has been obtained from them. With due diligence, it selects and applies technical security measures, both programming and organizational, thus ensuring complete protection against their disclosure, disclosure, loss, destruction, unauthorized modification or processing in violation of applicable law.
The Administrator informs that the Website uses a transmission protocol that ensures the security of data transmission on the Internet, namely it has the SSL (Secure Socket Layer v3) protocol installed. This is a type of security that involves encoding data before sending it from the Client’s browser and decoding it after it has safely reached the Website server. Information sent from the server to the Client is also encoded, and after reaching the destination, decoded.
Data collected by the Administrator is processed in accordance with the law, with respect for the principles of reliability and transparency, is collected to the minimum extent necessary for the specified purposes and processed in accordance with them, is not subject to further processing incompatible with these purposes, is adequate and correct in terms of content in relation to the intended use and is stored in a way that allows identification of the persons to whom the data relates. The period of data storage depends on the purpose of processing and is limited to the moment of achieving the intended purpose.
The Administrator of the Website has access to the data on the principles specified in the Regulations and in the Privacy Policy, but may entrust the personal data of Clients to external entities cooperating with the Administrator. Such entrustment is possible only on the basis of appropriate personal data entrustment agreements concluded between the Administrator and the processing entity. The agreements contain a provision specifying the scope and conditions of processing personal data necessary to provide services. The Administrator declares that it only cooperates with entities that guarantee the security of personal data processing by implementing security measures that meet the requirements specified in the GDPR.
The Administrator has the right, as well as the statutory obligation, to provide information regarding the Clients of the Website to public authorities, e.g. in connection with conducting proceedings regarding possible violations of law or to third parties who submit such a request based on applicable provisions of Polish law.
Using the services and tools made available as part of the Website, as well as providing personal data by the User is voluntary. However, their provision may be necessary to conclude and execute the Sales Agreement or the Agreement for the provision of Electronic Services on the Website, therefore their failure to do so will prevent the conclusion of such an Agreement. The scope of data necessary to conclude the Agreement is indicated on the Website.
The Client using the services and tools made available as part of the Website confirms that he/she has read the provisions of this Privacy Policy and the Information on Cookies, at the same time expressing consent (if necessary) to the use of his/her personal data in accordance with these provisions by checking the appropriate checkboxes placed on the Website.
3
Recipients of personal data of the Website
In order to ensure the proper operation of the Website, including the implementation of concluded Sales Agreements, the Administrator uses the services of external entities. The Administrator transfers data only when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it.
Examples of recipients of personal data of Customers of the Website are:
providers of services supporting the work of the Website Administrator, e.g. suppliers of computer software for running the Website, e-mail, companies operating the mailing system, hosting providers,
Recipients of data (external entities) process personal data on the basis of appropriate entrustment agreements signed with the Website Administrator. These entities collect, process, store personal data in accordance with their regulations and privacy policies.
The Administrator entrusts the processing of personal data of Service Users and Customers of the Website [czerka.pl] to the following entities:
[NQ.pl] – for the purpose of storing data on the server on which the Website is installed and for the purpose of providing IT and technical care for the Website.
marketing company – Google Ireland Limited Gordon House Barrow Street Dublin 4 Ireland
VAT No.: IE 6388047V
The Administrator informs that personal data for purposes related to the implementation of marketing services are transferred to Northern Ireland and the United States, in connection with their storage on Irish and American servers. This is due to the Administrator using the services of Google – this is an entity located in a third country – the United States, Northern Ireland, which has joined the Privacy Shield program and thus guarantees an adequate level of protection of personal data required by European regulations.
4
Acquisition, collection, purpose, scope and processing activities
The Administrator obtains information about Users, among others, by collecting server logs, IP addresses, software and hardware parameters, pages viewed, mobile device identification number and other data regarding devices and use of systems. The above information will be collected in connection with the use of the Website. This data is not used by the Administrator to identify the User/Customer.
Navigation data may also be collected from Customers, including information about links and references or other activities undertaken on the Website in order to facilitate the use of services provided electronically and to improve the functionality of these services.
The Administrator reserves the right to filter and block messages sent via the internal messaging system, in particular if they are spam, contain prohibited content or otherwise threaten the safety of Website Users.
As part of the Website, the Administrator processes the personal data of Customers for the following purposes:
taking action before concluding a contract at the request of the Customer; guaranteeing full service to the User of the Website, including contacting Users in response to inquiries sent via the contact form, contacting Users via e-mail in response to inquiries sent,
providing services that do not require creating an account and purchasing the Product, i.e. browsing the Website’s www pages, monitoring the activity of all and specific Users,
adapting the offer and the User’s experience,
performing the Sales Agreement or the Agreement regarding the provision of Services by electronic means,
keeping statistics on the use of individual functionalities available on the Website, facilitating the use of the Website and ensuring the IT security of the Website,
determining, pursuing and enforcing claims and defending against claims in court proceedings and other enforcement bodies,
considering complaints, grievances and applications and answering questions,
conducting research and analyses in order to improve the available services. The Administrator informs that it collects, processes and stores the following data of Customers: name and surname, e-mail address, contact telephone number, delivery address of the Goods/Service (street, house number, apartment number, postal code, town, country), address of residence/business/registered office (if different from the delivery address).
In the case of Service Recipients or Customers who are not Consumers, the Administrator may additionally process such data as: the name of the Company and the Tax Identification Number (NIP) of the Service Recipient or Customer.
Personal data that is collected for the purposes indicated in the Privacy Policy will be stored for the period of performance of services provided by the Administrator and for the period resulting from the limitation periods for claims, tax law provisions, Consumer rights or other rights in this respect.
CONTACT WITH THE CUSTOMER
The basis for data processing in connection with Customer service, which includes contact with the Customer in order to respond to the inquiry sent via e-mail, contact form is art. 6 sec. 1 letter a GDPR, i.e. consent to processing. If an agreement is concluded after contact, the data will be processed on the basis of art. 6 sec. 1 letter b GDPR. The legal basis for processing after the contact has ended will be the justified purpose of archiving correspondence for the purpose of demonstrating its course in the future (in accordance with art. 6 sec. 1 letter f GDPR).
ORDER FULFILLMENT
When placing an order on the Website, the Customer provides personal data that are used for the purpose of executing the agreement, i.e. in connection with the execution of the Order (art. 6 sec. 1 letter b GDPR), issuing an invoice and performing other activities related to the provisions of tax law (art. 6 sec. 1 letter c). For archival and statistical purposes, data will be processed on the basis of the legitimate interest of the Administrator (Article 6, paragraph 1, letter f of the GDPR).
The basis for data processing for the purpose of determining, pursuing or defending claims that the Administrator may raise or that may be raised against the Administrator is Article 6, paragraph 1, letter f of the GDPR.
Data on orders will be processed for the time necessary to complete the order/provide the service, and then until the expiry of the limitation period for claims under the concluded contract. In addition, after this period, the data may still be processed for statistical purposes.
CONTACT FORM
As part of the functionality of the Website, the Administrator provides the possibility of contacting him using an interactive form. Using the form requires providing personal data necessary to contact the User and answer the questions contained in the form. The User may also provide other data in order to facilitate contact or ordering a service. Providing data marked as mandatory is required in order to process the inquiry and/or accept the order, and failure to provide them may result in the inability to process it. Providing other data is voluntary.
In order to identify the sender and handle their query sent via the provided form – the legal basis for processing is the necessity of processing to perform the service agreement (Article 6, paragraph 1, letter b) of the GDPR).
For analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Administrator (Article 6, paragraph 1, letter f) of the GDPR), consisting in maintaining statistics of queries submitted by Users via the Website in order to improve its functionality.
GOOGLE ADS
The Administrator informs that using Google Ads services, it promotes the Website in search results and on third-party websites. Automatically, when visiting the Store website, the so-called Google Remarketing cookie file is left on the device of each Visitor, which, using a pseudonymous identifier (ID) and based on the pages viewed by the Visitor, allows for the display of interest-based advertisements.
The Google Ads service is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, which has joined the Privacy Shield program in order to ensure an adequate level of protection of personal data required by European regulations.
5
Rights of data subjects
GDPR grants Customers/Users the rights in question, their list is provided below. They are granted without giving a reason, but are not absolute and will not apply to all activities concerning the processing of personal data. In a situation where the Client/User wants to exercise any of their rights, they may at any time send a declaration of intent to the e-mail address of the Website or the address of the Administrator’s registered office.
The right to access data is exercised on the basis of art. 15 of the GDPR.
The Client/User may contact the Administrator at any time to confirm whether their data is being processed, and if this is the case, the Client has the right to:
obtain access to personal data,
to receive information about the purposes of processing, categories of personal data being processed, recipients or categories of recipients of this data, the planned period of storing the Client/User’s data or the criteria for determining this period (when it is not possible to determine the planned period of data processing), about the rights that the Client/User has under the GDPR (when it is not possible to determine the planned period of data processing), about the rights that the Client has under the GDPR and about the right to lodge a complaint with the supervisory authority, about the source of this data, about automated decision-making, including profiling and about the security measures applied in connection with the transfer of this data outside the European Union,
to obtain a copy of their personal data.
The right to rectify data is implemented on the basis of Article 16 of the GDPR.
The Client/User has the right to request that the Administrator immediately rectify their personal data that is incorrect. He/she also has the right to request the completion of his/her personal data. To correct or complete his/her personal data, please send information to the e-mail address of the Website.
III. The right to delete data (“the right to be forgotten”) – implemented on the basis of art. 17 of the GDPR.
a) The Client/User may submit a request to the Administrator to delete all or some of his/her data,
b) The Client/User has the right to request the deletion of their personal data when:
the personal data are no longer necessary for the purposes for which they were collected or processed,
they have withdrawn a specific consent, to the extent that the personal data were processed based on the Client/User’s consent,
they have objected to the use of their data for marketing purposes,
the personal data have been processed unlawfully,
the personal data must be deleted in order to comply with a legal obligation under EU law or the law of a Member State to which the Administrator is subject; personal data have been collected in connection with the provision of information society services,
c) despite the Client/User’s request to delete personal data in connection with an objection or withdrawal of consent, the Administrator may retain certain personal data to the extent that processing is necessary to establish, pursue or defend claims, as well as to comply with a legal obligation requiring processing under EU law or the law of a Member State to which the Administrator is subject,
d) deletion of personal data or cessation of their processing by the Administrator may result in the inability to provide services provided via the Website or in limiting the possibility of using the functionality of the Website.
Expressing consent to the processing of personal data and the right to withdraw consent is exercised on the basis of art. 7 sec. 3 GDPR
a) By accepting the declarations placed by the Administrator in interactive forms available on the Website, the Customer/User consents to the processing of their data for specific purposes,
b) The Customer/User has the option to consent to the processing of their data for additional purposes by accepting the optional declarations proposed in the forms available on the Website,
c) The Customer has the right to withdraw any consent that they have given to the Administrator, the withdrawal of consent will be effective from the moment of withdrawal of consent,
d) the withdrawal of consent will not cause any negative consequences for the Customer, but may prevent further use of services or functionalities that, according to the law, the Administrator may only provide with consent,
e) the withdrawal of consent does not affect the processing of personal data carried out by the Administrator in accordance with the law before its withdrawal.
The right to object to data processing is implemented on the basis of art. 21 GDPR
a) The Customer/User has the right to object at any time for reasons related to his/her specific situation to the processing of his/her personal data, including profiling, if the Administrator processes personal data based on a legitimate interest,
b) the Client/User’s e-mail resignation from receiving marketing information about products and services means that the Client/User objects to the processing of their data, including profiling for these purposes,
c) if the Administrator does not have another legal basis permitting the processing of the Client/User’s data and the objection is justified, the personal data against which the objection was raised will be deleted.
The right to request the restriction of the processing of personal data is implemented on the basis of art. 18 GDPR
The Client/User has the right to request the restriction of their personal data when:
they question the accuracy of their personal data – the Personal Data Administrator will limit the processing of your personal data for a period that will allow them to verify the accuracy of this data,
the processing of the Client/User’s personal data is unlawful, and instead of deleting the personal data, the Client/User requests the restriction of the processing of their personal data,
the Client/User’s personal data are no longer needed for the purposes of processing, but they are needed to determine, pursue or defend the Client/User’s claims,
when the Client/User has objected to the processing of their personal data – then the restriction of processing occurs until it is determined whether the legitimate interests of the Personal Data Administrator override the grounds indicated in the Client/User’s objection.
VII. The right to request the transfer of personal data (Article 20 of the GDPR)
The Client/User has the right to receive their personal data from the Administrator in a structured, commonly used machine-readable format and to send them to another Personal Data Administrator.
You can also request that the Personal Data Administrator send the Client/User’s personal data directly to another Administrator (if technically possible).
VIII. The Client also has the right to file a complaint with the President of the Personal Data Protection Office regarding a violation of his/her rights to the protection of personal data or other rights granted under the GDPR.
7
Cookies Policy, operational data and analytics
The website uses small files called cookies, they are saved and stored on a computer or other end device of the Users and Clients of the Website if the web browser allows it. Cookies usually contain the name of the domain from which they originate, the time of their storage on the Device and the assigned value.
2. Cookies are used to optimize the process of using the Website, to collect statistical data that allow for the identification of the way Users use the Website, which allows for the improvement of the structure of the Website. They are also necessary to maintain the Client’s session after they leave the Website.
The Administrator uses two types of Cookies:
a) Session Cookies (temporary): they are stored on the Client’s end device and remain there until the end of the session of a given browser. The saved information is then permanently deleted from the device’s memory. The mechanism of session cookies does not allow for the download of any personal data or any confidential information from the Client’s Device.
b) Persistent Cookies: they are stored on the Client’s device and remain there until they are deleted. Ending a browser session or turning off the Device does not delete them from the Client’s Device. The persistent Cookies mechanism does not allow for downloading any personal data or any confidential information from the Client’s Device.
The Administrator uses the Google Analytics tracking code to analyze the statistics of the Website and manage Ads ads; detailed information on Google Analytics can be found at https://support.google.com/analytics/answer/6004245.
At any time, the Client may change the cookie settings using the web browser they use, including blocking the ability to collect cookies. Such action may make it difficult or impossible to use the services and tools of the Website, including preventing the placement of an Order.
If the Client decides that they do not agree to the use of cookies for the purposes described above, they may delete them manually at any time. Detailed instructions and information on cookies are included in the help menu of the web browser currently used by the Client. Examples of web browsers that support the aforementioned cookies are: Internet Explorer, Mozilla Firefox, Google Chrome, Opera, Safari, Microsoft Edge.
Niektóre podmioty zewnętrzne działające w ramach Strony internetowej umożliwiają Użytkownikom wycofanie zgody na gromadzenie i wykorzystywanie przez nie danych na potrzeby reklam bazujących na aktywności Klienta. Więcej informacji na ten temat i możliwość dokonania wyboru znajduje się na przykład na stronie internetowej: www.yuoronlinechoices.com. Udostępnianie Google Analytics informacji o aktywności na Stronie internetowej można zablokować za pomocą udostępnianego przez firmę Google Inc. dodatku do przeglądarki dostępnego tutaj: https://tools.google.com/dlpage/gaoptout?hl=pl.
Some external entities operating within the Website allow Users to withdraw their consent to the collection and use of data for advertising purposes based on the Customer’s activity. More information on this subject and the possibility of making a choice can be found, for example, on the website: www.yuoronlinechoices.com. Sharing information about activity on the Website with Google Analytics can be blocked using the browser add-on provided by Google Inc. available here: https://tools.google.com/dlpage/gaoptout?hl=pl.
8
Final provisions
This Privacy Policy contains links to other websites, it is recommended to read the Privacy Policies and Regulations of these websites.
The above Privacy Policy applies only to the Administrator’s Website.
It is possible to expand the offer of the Website, which thus creates the possibility of changing the content of the Privacy Policy, about which you will be informed by an appropriate message on the Website.
In case of additional questions regarding the Privacy Policy of the Website, please send a message to the e-mail address provided by the Administrator [kontakt@czerka.pl]