Please familiarize yourself with its provisions. The following table of contents will be of help. In it, you shall find information about how I care for your data, how I process it, who I entrust it to, as well as other important issues related to personal data.
§1 GENERAL PROVISIONS
The administrator of the website and all personal data provided while making use of them, is Klaudia Leszczyńska, who owns the company “Klaudia Leszczyńska Kreatorki Wynajmu” domiciled at ul. Dąbska 18K /29, 31-572 Kraków, VAT ID: 9291773638, in accordance with documentation generated by the CEIDG (Central Register and Database of Business Activity).
I care for the security of your personal data and your privacy as a User of my webpages. I am very happy that you have chosen to visit my website.
Administrator – Klaudia Leszczyńska proprietor of the company- Klaudia Leszczyńska. Kreatorki Wynajmu at Dąbska 18K /29, 31-572 Kraków, VAT ID: 9291773638
User – any entity visiting and/or using the website.
Website and/or Online Store – the website and blog at https://instastaging.com, http://klaudialeszczynska.com and https://kreatorkiwynajmu.pl/ and the online store at https://instastaging.com and https://sklep.kreatorkiwynajmu.pl/
User Account or Account – a User account created on the online platform of the Online Store, enabling access to purchased online training and products.
Form – places on the Website that enable the User to enter personal data for the purposes indicated, e.g. to send a newsletter, to place an order, to contact the User.
GDPR- the European Parliament and Council Regulation, dated 27 April 2016/679, regulating the protection of persons with regards to the processing of personal data and the free movement of such data, including the repealing Directive 95/46/EC (General Data Protection Regulation).
§3 PERSONAL DATA AND PROCESSING
Who is the administrator of your personal data?
The administrator of the User’s personal data is Klaudia Leszczyńska, owner of “Klaudia Leszczyńska, Kreatorki Wynajmu” at Dąbska 18K/29, 31-572 Kraków, VAT ID: 9291773638
Is the provision of data voluntary? WHAT IS THE CONSEQUENCE OF NOT PROVIDING REQUESTED DATA?
Providing data is voluntary, however, failure to provide certain information, where doing so is marked, on the Administrator’s pages, as mandatory, shall result in the inability to provide certain services and or the ability to achieve other desired results.
Provision of data that is not mandatory, or excess data unrequired by the Administrator, by the User, is done at the User’s discretion, therefore, any processing of such data that may take place, shall happen in accordance with GDPR article 6 (1)(a) (consent). The User gives consent for the processing of their personal data and to the anonymization of the data that the Administrator does not require, and does not need to process, despite having provided such data to the Administrator.
FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS DO WE PROCESS PERSONAL DATA PROVIDED WHILE USING THE WEBSITE?
Personal data provided by the User, as part of the operation of the Website can be processed for the following purposes and on the following legal grounds:
- valuation and/or execution of a service and/or contract, for marketing purposes, pursuant to GDPR article 6 (1)(b) (requirement to enter into a contract/ agreement for the provision of services);
- issuing an invoice, bill and fulfilling other obligations resulting from taxation laws when placing orders in the Online Store as well as for other products and services – pursuant to GDPR article 6 (1)(c) (legal obligations);
- granting a discount or informing Users about discounts and other interesting offers made by the Administrator, or entities recommended by them – pursuant to GDPR article 6 (1)(a) (consent);
- processing complaints or claims related to contracts – pursuant to GDPR article 6 (1)(b) (requirement to enter into a contract/ agreement for the provision of services) and pursuant to GDPR article 6 (1)(c) (legal obligations);
- establishment, investigation or defence against claims – pursuant to GDPR article 6 (1)(f) (processing for the purpose of the Administrator’s legitimate interests);
- contact via telephone, regarding maters related to the provision of the service, pursuant to GDPR article 6 (1)(b) (requirement to enter into a contract/ agreement for the provision of services);
- contact via telephone, regarding maters related to presenting offers and direct marketing – pursuant to GDPR article 6 (1)(a) (consent) and pursuant to GDPR article 6 (1)(f) (processing for the purpose of the Administrator’s legitimate interests), if you are an existing customer/ client;
- creating registers related to the GDPR and other regulations – pursuant to GDPR article 6 (1)(c) (legal obligations) and GDPR article 6 (1)(f) (processing for the purpose of the Administrator’s legitimate interests);
- archives and evidence, for the purpose of securing information that can be used to prove facts – pursuant to GDPR article 6 (1)(f) (processing for the purpose of the Administrator’s legitimate interests);
- analytical, consisting, inter alia, of analysis of data collected automatically when using the website, including cookies, e.g. Google Analytics cookies, Facebook Pixel – pursuant to GDPR article 6 (1)(f) (processing for the purpose of the Administrator’s legitimate interests);
- managing the Administrator’s Website, Groups and Pages on other platforms , pursuant to GDPR article 6 (1)(f) (processing for the purpose of the Administrator’s legitimate interests);
- satisfaction surveys on available services – pursuant to GDPR article 6 (1)(f) (processing for the purpose of the Administrator’s legitimate interests),
- – posting opinions on services provided by the Administrator, by the User, pursuant to GDPR article 6 (1)(a) (consent),
- for the Administrator’s internal administrative purposes, as related to the management of contact with the User, which is the legitimate interest of the Data Administrator pursuant to GDPR article 6 (1)(f) (processing for the purpose of the Administrator’s legitimate interests);
- to facilitate sending the newsletter – pursuant to GDPR article 6 (1)(f) (processing for the purpose of the Administrator’s legitimate interests in the processing of data for direct marketing purposes) and on the basis of the Act on the provision of electronic services (consent),
- in order to adjust the content displayed on the Administrator’s websites to individual needs and for required improvement of the quality of services provided – pursuant to GDPR article 6 (1)(f) (processing for the purpose of the Administrator’s legitimate interests),
- for direct marketing, directed to the User, of the Administrator’s own products/ services/ recommended products of third parties – pursuant to GDPR article 6 (1)(f) (processing for the purpose of the Administrator’s legitimate interests),
- in order to operate the fan-page called “Kreatorki Wynajmu” and the group named “Klub Kreatorek Wynajmu” on Facebook and interacting with users 6 (1)(f) (processing for the purpose of the Administrator’s legitimate interests).
- in order to operate the Instagram profile under the name kreatorki_wynajmu on Instagram and interact with users – based on GDPR article 6 (1)(f) (processing for the purpose of the Administrator’s legitimate interests).
- commenting on the Website – pursuant to GDPR article 6 (1)(a) (consent).
HOW IS YOUR DATA COLLECTED?
Data provided by the User shall be the only data collected and processed (with the exception, in certain situations, of data collected automatically using cookies and login data, as described below).
When visiting the site, data on the visit itself is automatically collected, e.g. the user’s IP address, domain name, browser type, operating system type, etc. (login details). Automatically collected data can be used to analyze user behavior on the website, collect demographic data about users, or to personalize the content of the website for improvement purposes. However, this data is processed only for the purposes of website administration and ensuring efficient hosting services and is not associated with the data of individual Users. You can read more about cookies below.
WHAT ARE YOUR RIGHTS?
The User has the following rights as delineated in GDPR article 15- 21, i.e.:
- the right to request access to their personal data,
- the right to transfer such data,
- the right to correct data,
- the right to rectify provided data
- the right to demand deletion of their data if there are no grounds for its processing,
- the right to limit processing, if it occurred incorrectly or without legal grounds,
- the right to object to data processing on the basis of the legitimate interest of the administrator,
- the right to lodge a complaint with the supervisory body – the President of the Office for Personal Data Protection (on the principles set out in the Act on the protection of personal data), if the processing of their data is deemed incompatible with applicable laws on data protection.
- the User also has the right to be omitted if further processing of personal data is not provided for by the current law.
The administrator notes that these rights are not absolute and are not applicable in relation to all activities of processing User’s personal data. This applies to the right to obtain a copy of your data, for example. This entitlement may not adversely affect the rights and freedoms of others, such as copyright, confidentiality. For more concise information pertaining to restrictions as to your rights, please peruse the readily available contents of the GDPR provisions.
The user has the full right to lodge a complaint with supervisory authorities.
CAN YOU WITHDRAW CONSENT?
If the User has agreed to a specific action, such consent may be withdrawn at any time, which will result in the deletion of their email address from the Administrator’s mailing list, therefore ceasing resulting from prior given consent. Withdrawal of consent does not affect the data previously processed before withdrawal of consent.
In some cases, the data may not be completely deleted and will be stored so as to defend against any claims, for a period in keeping with legal provisions provided for by of the Civil Code, or. e.g. in order to comply with legal obligations imposed on the Administrator.
The Administrator will address the User’s separate requests, duly justifying further actions arising from legal obligations.
DO WE TRANSFER YOUR DATA TO OTHER COUNTRIES?
User’s data may be transferred outside of the European Union to other countries, and in such cases, it shall be transferred solely to recipients who have entered into the Privacy Shield agreement or to those who guarantee the highest protection and security of data.
Due to the use of Google services, User’s data may be transferred to the United States of America (USA) as a result of using said platforms, with their storage on American servers. Google has joined the Privacy Shield program and thus guarantees the appropriate level of protection of personal data required by European Union laws. They may use compliance mechanisms provided for within the GDPR (e.g. certificates) or standard contractual clauses.
Link to the list of entities that have joined Privacy Shield – https://www.privacyshield.gov/welcome
Google LLC: https://policies.google.com/privacy?hl=en
Facebook Ireland Ltd . : https://www.facebook.com/privacy/explanation
UAB MailerLite: https://www.mailerlite.com/legal/privacy-policy
Currently, services offered by Google and Facebook are mainly provided by entities located in the European Union. You should, however, always read the privacy policies of these providers to receive up-to-date information on personal data protection.
How long do we store your data?
User’s data will be stored by the Administrator for the duration of services provided/achievement of goals and:
- for the period of service and cooperation, as well as for the period of limitation of claims in accordance with the law – in relation to data provided by contractors and clients,
- for the period of negotiations and negotiations preceding the conclusion of the contract or performance of the service – in relation to the data provided in the request for proposal,
- for the period required by law, including tax law – in relation to personal data related to the fulfillment of obligations arising from applicable regulations,
- until an effective opposition has been lodged pursuant to GDPR article 21 – personal data processed on the basis of the legitimate interest of the administrator, including for needs related to direct marketing purposes,
- until the withdrawal of consent or achievement of the purpose of processing, business purpose – in relation to personal data processed on the basis of consent. After withdrawing consent, the data may still be processed to defend against any claims in accordance with the period of limitation of these claims or the (shorter) period indicated to the User,
- for a maximum period of 3 years for persons who have unsubscribed from the newsletter to defend against any claims (e.g. information on the date of subscription and the date of unsubscribing from the newsletter, the number of newsletters received, actions taken and activities related to the messages received), or after a period of 1 year of no activity by the subscriber, e.g. not opening any message from the Administrator.
Links to other websites
The User’s personal data is stored and protected with due diligence, in accordance with the Administrator’s internal procedures. The Administrator processes information about the User using appropriate technical and organizational measures that meet the requirements of generally applicable law, in particular the provisions on the protection of personal data. These measures are primarily aimed at securing Users’ personal data against access by unauthorized persons. In particular, only authorized persons have access to Users’ personal data, who are obliged to safeguard such data by confidentiality clauses.
At the same time, the user should exercise due diligence in securing their personal data that is transferred online, in particular, should not disclose their login data to third parties, should use appropriate anti-virus programmers and update their software.
WHO ARE THE POTENTIAL RECIPIENTS OF PERSONAL DATA?
The administrator hereby informs the User that they use the services of external entities. Entities entrusted with the processing of personal data (such as courier companies, intermediaries in electronic payments, companies offering accounting services, companies enabling the sending of newsletters) guarantee the use of appropriate measures for the protection and security of personal data required by law, in particular by the GDPR.
The Administrator hereby informs the User, that they entrust the processing of personal data to the following third parties:
- UAB “MailerLite”, Paupio St. 46, LT-11341 Vilnius, Lithuania – to send the newsletter and the mailing system provider
- OVH Sp. z o.o. ul. Swobodna 1, 50-088 Wrocław, NIP: 899-25-20-556 – to store personal data on their server, to operate the domain and mail server,
- Home.pl SA with its registered office in Szczecin at ul. Zbożowej 4, 70-653 Szczecin – for the purpose of storage of personal data on their server, domain and mail server support,
- Fakturownia Sp. z o.o., 00-389 Warszawa, ul. Smulikowskiego 6/8, NIP 5213704420 – to issue accounting documents,
- PayPal (Europe) S. à r.l. & Cie, S.C.A. based in Luxembourg – to operate the electronic payment system and transactions,
- PayPro SA, 60-327 Poznań, ul. Kanclerska 15, NIP 779-236-98-87 – to operate the payment system and electronic transactions,
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland – to use Google services, including email,
- other contractors or subcontractors involved in technical and administrative support, or to provide legal assistance to the Administrator and their clients, e.g. accounting, IT, graphic, copywriting assistance, debt collection companies, lawyers, etc.
- offices, e.g. the tax office – to meet legal and tax obligations related to settlements and accounting.
HAVE WE SET UP A DATA PROTECTION SUPERVISOR?
The Personal Data Administrator hereby informs that he has not appointed a Personal Data Protection Inspector (IODO) and performs the obligations related to the processing of personal data independently.
The User acknowledges that their personal data may be transferred to authorized state authorities in connection with legal proceedings, at their request and after fulfilling the conditions confirming the necessity of obtaining this data from us.
DO WE PROFILE YOUR DATA?
The User’s personal data will not be used to make automated decisions that affect the User’s rights and obligations or freedoms within the provisions of the GDPR.
As part of the website and tracking technologies, User data may be profiled, which helps in better personalizing the company’s offer, which the Administrator directs to the User (mainly through so-called behavioral advertising). However, this should not have any impact on the User’s legal standing, in particular, on the terms of the contracts they enter in to with intent. It only helps us better tailor content and target ads to suit your interests. The information used is anonymous and is not associated with personal data provided by the User, e.g. in the purchase process. This is a result of statistical data, e.g. gender, age, interests, approximate location, behaviors on the Website.
All Users have the right to object to profiling if it would have a negative impact on their rights and obligations.
The administrator uses the following types of forms within the Website:
- Newsletter subscription form – requires entering your name and email address in the appropriate place. The following fields are mandatory. Then, the User, in order to add their e-mail address to the Administrator’s subscribers database, must confirm their willingness to subscribe. The data obtained in this way is added to the mailing list in order to send the newsletter.
By subscribing to the newsletter, the User also consents to the Administrator’s use of the User’s telecommunications terminal equipment (e.g. telephone, tablet, computer) for direct marketing of the Administrator’s products and services and for presenting the User with commercial information in accordance with art. 172 rule1 of the Act – Telecommunications Law (No. U. of 2014 r. item 243 as amended)
The newsletter is sent for an indefinite period, from the moment it is activated until the consent is withdrawn. After the withdrawal of consent, the User’s data may be stored in the newsletter database for a period of up to 2 years in order to demonstrate the fact that the User has given consent to communication through the newsletter, the User’s actions (openness of e-mails) and the time of its withdrawal, as well as any related claims, which is the legitimate interest of the Administrator (GDPR article 6 1 (f).
The sending of the newsletter may cease if the User fails to display activity for a minimum of 1 year from the commencement of the newsletter service or reading the last e-mail (sent newsletter). In this case, the Administrator will delete the User’s data from the system used to send the newsletter (supplier). The User is not be entitled to receive any messages from the Administrator, unless they decide to re-subscribe to the Newsletter subscription form or contact the Administrator in another way so as to be selected for such services.
The mailing system used to send the newsletter records all activity and actions taken by the User related to emails sent to them (date and time of opening the message, clicking on the links, the moment of unsubscribing, etc.).
- Commenting – All data in the comments form is provided voluntarily if you want to leave such a comment. By posting a comment you agree to the processing of this data. These include name, surname, e-mail, name of your website, IP number. Some data marked as mandatory must be entered.
Providing an email address is mandatory and is only used to exclude spam and / or display the User’s avatar. It is not disclosed to third parties.
The Administrator is not responsible for the content of comments posted by users of the Website and blog. The Administrator reserves the right not to confirm post comments that are spam in nature, offensive, contain vulgar or offensive phrases, illegal content or contain any links to other pages placed without their consent.
- Store order form– When placing an order in the Administrator’s online store, the User must provide specific data in accordance with the rules contained in the sales regulations in order to perform the order, fulfill the legal obligations imposed on the Administrator, settlements, processing claims, for statistical and archival purposes, as well as for marketing direct to customers, which is the legitimate interest of the Administrator.
These are mainly: name, surname, company name, tax identification number, home address or registered office, e-mail address. If you already have a user account in the store, then all you have to do is enter your login details (or email address) and password and log in to your account, and then take further steps related to the order.
The administrator stores data for the duration of the contract or service, and after its completion for the period necessary to protect against claims. In addition, for the time indicated by legal provisions of e.g. tax law (e.g. invoice storage period).
- Registration form for setting up a User account in the online store – Users can set up an account in an online store and for this purpose they should properly register and provide the following data: name, surname, e-mail address, residence address, company address, tax identification number and then password.
Account creation takes place on the terms set out in the sales regulations and is a service provided electronically. The rules for maintaining the account and its possible deletion are contained in the regulations.
Data marked as such are mandatory and you will not be able to create a user account without providing it. Providing data is voluntary.
The Administrator may entrust the processing of personal data to third parties without the separate consent of the User (based on the entrustment agreement). Data obtained from the forms cannot be transferred to third parties.
§5 Exemption from liability and Copyright
- The content of the Website does not constitute specialist advice and does not relate to a specific factual state. If you want to get help in a specific case, contact the person authorized to provide such advice or the Administrator for the given contact details. The Administrator is not responsible for the use of content contained on the Website or actions or omissions undertaken on its basis.
- All content posted on the Website is subject to the copyright of certain persons and / or the Administrator (e.g. photos, texts, videos, free materials, etc.). The administrator does not agree to copy these contents in whole or in part without his express prior consent.
- Content posted on the Site is current at the time of posting, unless otherwise indicated.
In order to use the Administrator’s website, it is necessary to have access to the following:
- Devices with access to the Internet
- An active electronic mailbox to receive e-mails
- A web browser that allows you to view websites
- Software that allows for reading of content in the following formats, e.g. pdf, video, mp3, mp4.
- Like most websites, the Administrator’s Website uses so-called tracking technologies, i.e. cookies, which allow for the improvement of the site, in terms of the needs of its visitors.
- This site does not automatically gather any information, with the exception of information contained in the cookies.
- Cookie files (so-called “cookies”) comprise of IT data, small text files that are stored on your end device, e.g. computer, tablet, smartphone, when you use my Website.
- These may be own cookies (originating directly from my website) and third party cookies (originating from websites other than my website).
- Cookies allow you to customize the content of my website to your individual needs and the needs of other users visiting it. They also enable the creation of statistics that show how website users use and how to navigate it. Thanks to this, I can improve my website, its content, structure and appearance.
- The administrator uses the following third-party cookies on the Website:
a) Facebook Conversion Pixel – to manage Facebook ads and conduct re-marketing activities, which is the Administrator’s legitimate interest.
This tool is provided by Facebook Inc. and its affiliates. This is an analytical tool that helps measure the effectiveness of ads, shows what actions are taken by Website Users and helps to reach a specific group of people (Facebook Ads, Facebook Insights).
The information collected as part of using Facebook Pixel is anonymous and does not allow you to be identified. They show general data about users: location, age, gender, interests. The provider may combine this information with the information you provide to them as part of their Facebook account, and then use it in accordance with their own assumptions and purposes.
The administrator recommends that you familiarize yourself with the details related to the use of the Facebook Pixel tool and direct questions to the tool’s provider, as well as manage your privacy settings on Facebook. More information is available at: https://www.facebook.com/privacy/explanation.
b) Built-in Google Analytics code – to analyze Website statistics. Google Analytics uses its own cookies to analyze the actions and behaviors of the Website Users. These files are used to store information, for example, on the page that directed the User to the current website. They help improve the Page.
This tool is provided by Google LLC. The actions taken as part of using the Google Analytics code are based on the Administrator’s legitimate interest in creating and using statistics, which further allow for the improvement of the Administrator’s services and optimizing the Website.
On Google Analytics tool, the Administrator does not process any User data enabling their identification.
The administrator recommends that you familiarize yourself with the details related to the use of the Google Analytics tool, the option of disabling the tracking code and directing questions to the provider of this tool at the link: https://support.google.com/analytics#topic=3544906.
c) Directing plugins to social media e.g. Facebook, Instagram, Pinterest, LinkedIn, YouTube.
After clicking the icon of a given plug-in, the user is sent to the website of an external provider, in this case the owner of a given social network, e.g. Facebook. Then they have the option to click “Like” or “Share” and like the Administrator’s fan page located on Facebook or directly share its content (post, article, video, etc.).
d) Tools assessing the effectiveness of Google Ads advertising campaigns – to conduct advertising and re-marketing campaigns, which is the legitimate interest of the Administrator.
e) Cookies used to recover abandoned shopping carts and user activity on the online store website,
– in order to direct advertising to the User related to the unfinished order, which is the Administrator’s legitimate interest.
f) Content from portals and websites of external suppliers,
The administrator may embed content from websites, websites, blogs and other websites of external entities on the Website. In particular, videos from You Tube or Vimeo.
These third parties may save certain data about content played by the User.
If you do not want this to happen, log out of the portal (if you have an account there and are logged in) before visiting my Site or do not play the content on the Site. You can also change your browser settings and block certain content from being displayed to you.
g) Affiliate links and affiliate programs, including Google AdSense
Advertising pages with third party products may also appear on the Website, as part of Google AdSense. The administrator informs the User that they have no influence on the content of these ads or their appearance, which is determined by the algorithm of the provider, in this case Google LLC. You can modify the settings and personalization of ads directly from your browser by going to: https://adssettings.google.com/authenticated.
- This site uses two types of cookies: session cookies, which are deleted after closing the browser, logging out or leaving the website, and permanent ones, which are stored in the user’s end device, which allow your browser to be recognized the next time you visit the site, for a specified period, in the cookie file parameters or until you delete them.
- In many cases, the software used to browse websites (a web browser) allows storing of cookies on the User’s terminal by default. The website Users can make changes to the cookies settings at any time. In particular, these settings can be changed so that the automatic support for cookies will be blocked on the browser, or there will be information on their use on the device every time. Details on the possibilities and methods of managing cookie files are available in the software settings (of the web browser).
- More information on cookies is available at: http://wszystkoociasteczkach.pl/ or in the “Help” menu of the web browser.
§8 CONSENT FOR COOKIES
When you first enter the Website , you must agree to cookies or take other possible actions indicated in the message in order to continue using the Website content. On using the Website, you give consent. If you do not consent – please leave the Website. You can always change your browser settings, disable or delete cookies. In the “help” tab in your browser you will find the necessary information.
§9 SERVER LOGS
- Using the Website is associated with sending queries to the server on which the Website is stored.
- Each query directed to the server is saved in the server’s logs. Logs include, among others, the User’s IP address, server date and time, information about the web browser and the operating system used by the User.
- Logs are saved and stored on the server.
- Server logs are used to administer the Website, and their content is not disclosed to anyone except persons and entities authorized to administer the server.
- The Administrator does not use server logs in any way to identify the User.
NOTE: The information on the site is only an expression of the author’s personal views and does not constitute a “recommendation” within the meaning of the regulations or individual advice. You make all decisions and actions at your own risk.