GDPR
1. This Privacy Policy sets out the rules for the processing of personal data collected through the website yuliialuciv.com , hereinafter referred to as “Website”).
2. The owner of the website and the Data Controller is Yuliia Luciv , hereinafter referred to as the Controller.
3. Personal data collected by the Administrator via the Website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), also called GDPR.
4. The Administrator takes special care to respect the privacy of Customers visiting the Website.
§ 1 Type of data processed, purposes and legal basis
1. The Administrator collects information on natural persons performing a legal act not directly related to their activity, natural persons conducting business or professional activity on their own behalf and natural persons representing legal persons or organizational units that are not legal persons, to whom the law grants legal capacity, conducting business or professional activity on their own behalf, hereinafter referred to collectively as Customers.
2. Customers’ personal data are collected in the event of:
use the service of the contact form on the Website in order to perform the contract provided electronically. Legal basis: Necessity for the performance of the contract for the provision of the contact form service (Article 6(1)(b) of the GDPR)
3. When using the service of the contact form, the Customer provides the following data:
- e-mail address
- first name
- phone number
4. When using the Website, additional information may be collected, in particular: the IP address assigned to the Customer’s computer or external IP address of the Internet provider, domain name, browser type, access time, operating system type.
5. Navigation data may also be collected from Customers, including information about the links and links they choose to click or other actions they take on the Website. Legal basis - legitimate interest (Article 6(1)(f) of the GDPR), consisting in facilitating the use of services provided electronically and improving the functionality of these services.
6. The transfer of personal data to the Administrator is voluntary.
§ 2 To whom is the data disclosed or entrusted and how long are they stored?
1. The Customer’s personal data is transferred to service providers used by the Administrator when running the Website. Service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, are either subject to the Controller’s instructions as to the purposes and methods of processing such data (processors) or determine the purposes and methods of their processing themselves (administrators).
1. 1. Processors. The Controller uses suppliers who process personal data only on the Controller’s instructions. These include, but are not limited to, providers of hosting services, accounting services, marketing systems, systems for analyzing traffic on the Website, systems for analyzing the effectiveness of marketing campaigns.
1. 2. Administrators. The Administrator uses suppliers who do not act solely on instructions and determine the purposes and methods of using the Customers’ personal data themselves. They provide electronic payment and banking services.
2. Location. The service providers are based mainly in Poland and other countries of the European Economic Area (EEA).
3. Customers’ personal data are stored:
3. 1. If the basis for the processing of personal data is consent, then the personal data of the Customer shall be processed by the Administrator for as long as the consent is not revoked, and after revocation of consent for a period of time corresponding to the period of limitation of claims that may be raised by the Administrator and which may be raised against him. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to business activity - three years.
3. 2. If the basis for data processing is the performance of the agreement, then the Customer’s personal data are processed by the Administrator for as long as it is necessary for the performance of the agreement, and after that time for a period corresponding to the period of limitation of claims. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to business activity - three years.
4. In the event of a request, the Administrator shall make personal data available to authorized state authorities, in particular organizational units of the Prosecutor’s Office, the Police, the President of the Office for Personal Data Protection, the President of the Office for Competition and Consumer Protection or the President of the Office of Electronic Communications.
§ 3 Cookies mechanism, IP address
1. The website uses small files called cookies. They are stored by the Administrator on the terminal device of the person visiting the Website, if the web browser allows it. A cookie typically contains the name of the domain it comes from, its "expiry time" and an individual randomly selected number identifying the cookie. The information collected by means of such files helps to adapt the products offered by the Administrator to the individual preferences and actual needs of visitors to the Website.
2. The Administrator uses two types of cookies:
2. 1. Session cookies: after the end of the browser session or the computer is turned off, the stored information is deleted from the device memory. The mechanism of session cookies does not allow to download any personal data or any confidential information from Customers’ computers.
2. 2. Persistent cookies: they are stored in the memory of the Customer’s terminal equipment and remain there until they are deleted or expired. The mechanism of persistent cookies does not allow to download any personal data or any confidential information from the Customer’s computer.
3. The Administrator uses its own cookies in order to:
3. 1. analysis and research and auditing of viewership, and in particular to create anonymous statistics that help to understand how Customers use the Website, which makes it possible to improve its structure and content.
4. The Administrator uses external cookies in order to:
4. 1. presenting on the information pages of the Website, a map indicating the location of the Administrator's office, using the website maps. google. com (external cookie administrator: Google Inc with its registered office in the USA)
5. The cookies mechanism is safe for the computers of Customers visiting the Website. In particular, it is not possible for viruses or other unwanted software or malware to enter the computers of the Customers in this way. However, in their browsers, Customers have the option to restrict or disable the access of cookies to computers. If you use this option, the use of the Website will be possible, except for functions that by their nature require cookies.
6. The Administrator may collect the IP addresses of the Customers. An IP address is a number assigned to the computer of a visitor to the Website by the Internet service provider. An IP number allows you to access the Internet. In most cases, it is dynamically assigned to your computer, i. e. it changes every time you connect to the Internet and is therefore commonly treated as non-personal identifying information. The IP address is used by the Administrator to diagnose technical problems with the server, to create statistical analyses (e. g. to determine from which regions we record the most visits), as information useful for the administration and improvement of the Website, as well as for security purposes and possible identification of undesirable automatic programs for viewing the Website content burdening the server.
§ 4 Rights of data subjects
1. Right to withdraw consent - legal basis: Art. 7 para. 3 GDPR.
1. 1. The customer has the right to withdraw any consent he has given
1. 2. Withdrawal of consent takes effect from the moment of withdrawal of consent.
1. 3. Withdrawal of consent does not affect the processing carried out by the Administrator in accordance with the law before its withdrawal.
1. 4. Withdrawal of consent does not entail any negative consequences for the Customer, but may prevent further use of services or functionalities, which according to the law the Administrator may provide only with consent.
2. Right to object to data processing - legal basis: Art. 21 GDPR.
2. 1. The Customer has the right to object at any time - for reasons related to his particular situation - to the processing of his personal data, including profiling, if the Administrator processes his data based on a legitimate interest, e. g. marketing of the Administrator’s products and services, keeping statistics on the use of individual functionalities of the Website and facilitating the use of the Website, as well as satisfaction surveys.
2. 2. Opting out by e-mail from receiving marketing messages concerning products or services will mean the Customer’s objection to the processing of his personal data, including profiling for these purposes.
2. 3. If the Customer’s objection turns out to be justified, the Administrator will have no other legal basis for the processing of personal data, the Customer’s personal data, the processing of which the Customer has objected, will be deleted.
3. Right to erasure (“right to be forgotten”) – legal basis: Art. 17 GDPR.
3. 1. The Customer has the right to request the deletion of all or some of their personal data.
3. 2. The Customer has the right to request the deletion of personal data if:
3. 2. 1. the personal data are no longer necessary for the purposes for which they were collected or for which they were processed
3. 2. 2. has withdrawn a specific consent to the extent that personal data were processed on the basis of his consent
3. 2. 3. has objected to the use of his data for marketing purposes
3. 2. 4. personal data are processed unlawfully
3. 2. 5. the personal data must be erased in order to comply with a legal obligation provided for by Union law or the law of a Member State to which the Controller is subject
3. 2. 6. personal data have been collected in connection with the provision of information society services
3. 3. Despite the request to delete personal data, in connection with the submission of an objection or withdrawal of consent, the Controller may retain certain personal data to the extent that the processing is necessary to establish, exercise or defend claims, as well as to comply with a legal obligation requiring processing under Union law or the law of a Member State to which the Controller is subject. This applies in particular to personal data including: name, surname, e-mail address, which are stored for the purpose of handling complaints and claims related to the use of the Administrator’s services, or additionally, address/mail address, order number, which are stored for the purpose of handling complaints and claims related to concluded sales agreements or the provision of services.
4. Right to restriction of data processing - legal basis: Art. 18 GDPR.
4. 1. The customer has the right to request the restriction of the processing of his personal data. Submitting a request, until it is considered, prevents the use of certain functionalities or services, the use of which will be associated with the processing of data covered by the request. The administrator will not send any messages, including marketing.
4. 2. The Customer has the right to request the restriction of the use of personal data in the following cases:
4. 2. 1. when he disputes the correctness of his personal data – then the Administrator limits their use for the time needed to verify the correctness of the data, but no longer than for 7 days
4. 2. 2. when the processing of the data is unlawful and instead of deleting the data, the Customer requests the restriction of their use
4. 2. 3. when the personal data is no longer necessary for the purposes for which it was collected or used but it is necessary for the Customer to establish, exercise or defend claims
4. 2. 4. when he has objected to the use of his data – then the restriction is made for the time needed to consider whether – due to a particular situation – the protection of the interests, rights and freedoms of the Customer outweighs the interests pursued by the Administrator by processing the Customer’s personal data.
5. Right of access to data - legal basis: Art. 15 GDPR.
5. 1. The Customer has the right to obtain confirmation from the Administrator whether he processes personal data, and if this is the case, the Customer has the right to:
5. 1. 1. access your personal data
5. 1. 2. obtain information about the purposes of processing, the categories of personal data processed, the recipients or categories of recipients of such data, the planned period of storage of the Customer’s data or the criteria for determining this period (when it is not possible to determine the planned period of data processing), the rights of the Customer under the GDPR and the right to lodge a complaint with a supervisory authority, the source of such data, automated decision-making, including profiling and the safeguards applied in connection with the transfer of such data outside European Union European Union
5. 1. 3. obtain a copy of your personal data.
6. Right to rectification - legal basis: Art. 16 GDPR.
6. 1. The Customer has the right to demand from the Administrator immediate rectification of his personal data that are incorrect. Taking into account the purposes of the processing, the Customer concerned has the right to request the completion of incomplete personal data, including by submitting an additional statement, by sending a request to the e-mail address in accordance with §6 of the Privacy Policy.
7. Right to data portability - legal basis: Art. 20 GDPR.
7. 1. The Customer has the right to receive his/her personal data, which he/she has provided to the Administrator, and then send them to another personal data administrator of his/her choice. The Customer also has the right to request that personal data be sent by the Controller directly to such Controller, if it is technically possible. In such a case, the Controller will send the Customer’s personal data in the form of a file in csv format, which is a commonly used, machine-readable format and allows the data received to be sent to another personal data controller.
8. In the event that the Customer has the right resulting from the above rights, the Administrator shall comply with the request or refuse to comply with it immediately, but no later than within one month after its receipt. However, if - due to the complex nature of the request or the number of requests - the Administrator will not be able to fulfill the request within one month, it will fulfill it within the next two months informing the Client in advance within one month of receipt of the request - about the intended extension of the deadline and its reasons.
9. The Customer may submit to the Administrator complaints, inquiries and requests concerning the processing of his personal data and the exercise of his rights.
10. The Customer has the right to lodge a complaint with the President of the Office for Personal Data Protection regarding the violation of his rights to personal data protection or other rights granted under the GDPR.
§ 5 Changes to the Privacy Policy
1. The Privacy Policy may be changed, about which the Administrator is not obliged to inform.
2. Questions related to the Privacy Policy should be directed to: Julialuciv@gmail.com
3. Date of last modification: 29.05.2024