§ 1 General provisions
1. Administrator of the personal data of the users of the website located under the domain www.magdamatyja.com is MAGDALENA MATYJA under the business activity under the name of MAGDALENA MATYJA, entered in the Central Register and Information on Business Activity of the Republic of Poland, maintained by the competent minister for economy, with its registered office at ul. Swojska 3a/5, 60-592 Poznań, NIP: 9721293250, REGON: 381019702 (hereinafter: "Administrator").
2. Contact with the Administrator is possible:
(1) at e-mail address: email@example.com,
(2) in writing, to the Administrator's address: 3a/5 Swojska Street, 60-592 Poznań,
(3) using the contact form, located on the website.
3. The purpose of the Policy is to define the activities undertaken with respect to personal data collected through the Administrator's website and related services and tools used by its users, as well as in the activity of entering into and performing contracts in contact outside the website.
4. If necessary, the provisions of this Policy may be changed. The change will be communicated to the users by announcing the new content of the Policy, and in the case of the base of persons who have consented to the processing of data by e-mail or provided e-mail data in the execution of contracts, they will also be notified of the change by e-mail.
§ 2 Basis for processing, purposes and storage of personal data
1. Users' personal data shall be processed in accordance with the General Data Protection Regulation, the Personal Data Protection Act, the Personal Data Protection Act of 10.05.2018 and the Electronic Services Act of 18.07.2002.
2. In the case of processing of personal data on the basis of an e-mail or complaint sent by the user, such processing shall take place on the basis of Article 6(1)(b) of the General Data Protection Regulation, according to which the processing is necessary to take action at the request of the data subject.
3. If the user obtains separate consent, his/her personal data may also be processed by the controller for marketing purposes, including for the purpose of directing commercial information electronically to the e-mail address indicated by the user (Article 6(1)(a) of the General Data Protection Regulation).
4. When the Administrator enters into and performs a sales or service contract, the other party is required to provide the data necessary for the conclusion of the contract (which is a contractual requirement and, with regard to tax numbers, also a statutory requirement) and for this purpose the Administrator processes personal data (Article 6(1)(b) of the General Data Protection Regulation).
5. In the case of conducting research and analysis to improve the performance of available services (e.g., tracking tools), Article 6(1)(f) of the General Data Protection Regulation is indicated as the basis for data processing.
6. In addition, the Administrator may collect the following data for the following purposes:
7. Users' personal data shall be stored for no longer than necessary to achieve the purpose of processing, i.e. until the withdrawal of consent if processing is based on such consent, until the statute of limitations for claims of the Administrator and the other party regarding the execution of concluded agreements (in the case of sales/service contracts, 2 years, counting to the end of the year), and until the execution of an inquiry directed by e-mail or the completion of the processing of complaints.
8. Administrator may use profiling for direct marketing purposes, but decisions made on its basis by the Administrator do not relate to the conclusion or refusal to conclude a contract, or the possibility of using electronic services. The effect of the use of profiling may be, for example, to grant a person a discount, send him/her a discount code, remind him/her of unfinished purchases, send a proposal for a product that may match the person's interests or preferences, or offer better terms compared to a standard offer. Despite the profiling, it is the person who freely decides whether he or she will want to take advantage of the discount or better terms received in this way and make a purchase. Profiling involves the automatic analysis or prediction of a person's behavior on the Administrator's website, e.g. by adding a particular product to the shopping cart, browsing the page of a particular product, or by analyzing the previous history of activity on the website. The condition for such profiling is that the Administrator has the personal data of the person in question in order to be able to then send him/her, for example, a discount code.
9. To the extent necessary for the proper functioning of the website, its functionality, the website may, during the use of the website by the User, collect other information, including but not limited to:
a) IP address;
b) device, hardware and software information, such as hardware identifiers, mobile device identifiers (e.g. Apple Identifier for Advertising ["IDFA"] or advertising identifier on an Android device ["AAID"]),
c) type of platform,
d) settings and components,
e) browser data, including browser type and preferred language;
10. Taking into account the nature, scope, context and purposes of the processing and the risk of infringement of the rights or freedoms of natural persons of different probability and severity, the Administrator shall implement appropriate technical and organizational measures for the processing to be carried out in accordance with the Regulation and to be able to demonstrate this. These measures shall be reviewed and updated as necessary. The Administrator shall apply technical measures to prevent unauthorized persons from obtaining and modifying, personal data sent electronically.
§ 3 Data sharing
1. Administrator shall ensure that any personal information collected is used to fulfill obligations to users. This information will not be shared with third parties except when:
a) the express consent of the data subjects to do so is given in advance, or
b) if the obligation to provide such data is or will be imposed by applicable law, such as to law enforcement agencies.
2. In addition, personal data of service recipients and customers may be transferred to the following recipients or categories of recipients:
3. Administrator may share anonymized data (i.e., data that does not identify specific Users) with third-party service providers in order to better identify the attractiveness of advertisements and services to Users, and in this regard, due to the location of software providers, data may be transferred - subject to the principles of their protection - to third countries, however, providing standard contractual provisions approved by the European Commission for the processing of personal data or having the appropriate authority to do so on the basis of bilateral agreements for the entrustment of data processing between the European Union and the third country in question, while not being a member of the European Economic Area. These entities in the case of the Administrator are:
• Google LLC. (Headquarters: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for Google Analytics tools used to analyze Web site statistics, Google Tag manager: used to manage scripts by easily adding code snippets to a site or application and to track actions performed by users on a Web site, Google Ads used to display sponsored links in Google's search engine results and on collaborative sites under the Google AdSense program,
• Meta Platforms, Inc. (headquartered at 1601 Willow Road Menlo Park, CA 94025, USA) for Facebook pixel used to track conversions from Facebook ads, optimize them based on collected data and statistics, and build a targeted audience list for future advertising.
5. Administrator, when sharing data with third parties, shall make every effort to do so only with entities certified under the (former) EU-U.S. and Switzerland-U.S. Privacy Shield programs, which are available at www.privacyshield.gov. Such entities, when handling information originating in the European Economic Area (EEA), shall do so in accordance with the Accountability for Onward Transfer principle of the Privacy Shield program. Where applicable, the Administrator will rely on EU standard contractual clauses and other safeguards to enable transfers outside the EEA. In accordance with the July 16, 2020 decision of the Court of Justice of the European Union with respect to the EU-US Privacy Shield and the European Data Protection Board guidelines, the Administrator continues to assess the legal regime of the countries to which data is transferred and, where necessary, updates measures to ensure adequate levels of protection.
§ 4 User rights
1. User whose personal data is processed has the right to:
a) access, rectification, restriction, erasure or portability - the data subject has the right to request from the Administrator access to his/her personal data, rectification, erasure ("right to be forgotten") or restriction of processing, and has the right to object to processing, and has the right to portability of his/her data. The detailed conditions for exercising the rights indicated above are indicated in Articles 15-21 of the GDPR Regulation.
b) revoke consent at any time - a person whose data is processed by the Administrator on the basis of expressed consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR Ordinance), then he/she has the right to revoke consent at any time without affecting the legality of the processing performed on the basis of consent before its revocation.
c) lodge a complaint to a supervisory authority - a person whose data is processed by the Administrator has the right to lodge a complaint to a supervisory authority in the manner and mode specified in the provisions of the GDPR Ordinance and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Office for Personal Data Protection in Warsaw.
d) Objection - The data subject has the right to object at any time - for reasons related to his or her particular situation - to the processing of personal data concerning him or her based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the controller), including profiling under these provisions. In such a case, the controller shall no longer be allowed to process such personal data, unless the controller demonstrates the existence of compelling legitimate grounds for the processing overriding the interests, rights and freedoms of the data subject, or grounds for establishing, asserting or defending claims.
e) Objection to direct marketing - if personal data are processed for the purposes of direct marketing (based on the legitimate interests of the Administrator, not on the basis of the data subject's consent), the data subject shall have the right to object at any time to the processing of personal data concerning him or her for the purposes of such marketing, including profiling, to the extent that the processing is related to such direct marketing.
2. Exercise of the above rights is carried out on the basis of the user's request sent to the e-mail address firstname.lastname@example.org. Such a request should include the name and surname of the user.
3. User shall ensure that the data he provides or publishes on the site is correct.
§ 5 Cookies
1. "Cookies" should be understood as IT data, in particular text files, stored on the users' terminal devices (usually on the computer's hard drive or mobile device) for the purpose of saving certain settings and data by the user's browser in order to use the websites. These cookies allow to recognize the user's device and display the website accordingly, providing comfort during its use. The storage of "cookies" therefore allows the website and the offer to be properly prepared for the user's preferences - the server recognizes the user and remembers preferences such as visits, clicks, previous actions, among others.
2. "Cookies" contain, in particular, the domain name of the website from which they originate, the time they are stored on the terminal device and a unique number used to identify the browser from which the connection to the website is made.
3. "Cookies" are used for:
a. adapting the content of the websites to the user's preferences and optimizing the use of the websites,
b. to create anonymous statistics which, by helping to determine how the user uses the websites, make it possible to improve their structure and content,
c. providing website users with advertising content tailored to their interests.
4. Cookies are not used to identify the user and based on them his identity is not established.
5. The main division of "cookies" is their distinction into:
a. "cookies" of an essential nature - they are absolutely necessary for the proper functioning of the website or the functionality that the user wants to use, because without them we could not provide many of the services that we offer. Some of them also ensure the security of the services we provide electronically.
b. Functional "cookies" - are important for the operation of the website due to the fact that:
- are used to enrich the functionality of the websites; without them, the website will work properly, but will not be tailored to the user's preferences,
- serve to ensure a high level of website functionality; without them, the level of website functionality may decrease, but their absence should not prevent you from using the website completely,
- serve the majority of website functionality; blocking them will result in selected functions not working properly.
c. Business "cookies" - enable the implementation of the business model on the basis of which the website is provided; their blocking will not result in the unavailability of all functionality, but may reduce the level of service provision due to the inability of the website owner to realize revenues subsidizing its operation. This category includes, for example, advertising "cookies".
d. "Cookies" for website configuration - allow you to set functions and services on websites.
e. Cookies for security and reliability of websites - enable verification of authenticity and optimization of website performance.
f. Authentication "cookies" - enable information when a user is logged in so that the website can show relevant information and features.
g. Session research "cookies" - allow recording information about how users use the website. They may relate to the most frequently visited pages or possible error messages displayed on certain pages. The "cookies" used to record the so-called "session state" help to improve services and enhance the browsing experience.
h. "Cookies" for studying the processes taking place on the site - they enable the smooth operation of the website and the functions available on it.
i. Ad serving cookies - allow ads to be displayed that are more interesting to users and more valuable to publishers and advertisers; cookies can also be used to personalize advertising, as well as to display ads outside the websites.
j. Location-accessing "cookies" - allow the information displayed to be tailored to the user's location.
k. Analytics, research or audience auditing "cookies" - allow the website owner to better understand the preferences of its users and, through analysis, improve and develop products and services. Typically, the website owner or research company collects information anonymously and processes trend data, without identifying the personal data of individual users.
The use of "cookies" to customize the content of the websites to the user's preferences does not, as a rule, imply the collection of any information that identifies the user, although this information may sometimes have the nature of personal data, that is, data that allows the attribution of certain behavior to a specific user. Personal data collected using "cookies" may be collected solely for the purpose of performing certain functions for the user. Such data are encrypted in a way that prevents unauthorized access to them.
6. Cookies used by this site are not harmful to the user or the terminal device used by the user, so for the proper functioning of the site it is recommended not to disable them in browsers. In many cases, web browsing software (web browser) allows by default to store information in the form of "cookies" and other similar technologies on the user's terminal device. The user can change the browser's use of "cookies" at any time. To do this, change the browser settings. How to change the settings varies depending on the software (web browser) you use. You will find relevant instructions on the subpages, depending on the browser you use.
7. As part of its cookie technology, the Administrator may use tracking pixels or pure GIF files to collect information about how users use its services and how they respond to marketing messages sent by email. A pixel is a software code that allows an object, usually a pixel-sized image, to be embedded on a page, which provides the ability to track user behavior on the web pages where it is deployed. Once the appropriate consent is given, the browser automatically establishes a direct connection to the server that stores the pixel, so the processing of data collected by the pixel is done within the framework of the data protection policy of the partner that administers the aforementioned server.
8. Administrator may use Internet log files (which contain technical data, such as the user's IP address) to monitor traffic within its services, resolve technical problems, detect and prevent fraud, and enforce the User Agreement.
9. Administrator informs you that the website does not respond to Do Not Track (DNT) signals, while you may disable certain forms of online tracking, including certain analytics and personalized advertising, by changing the cookie settings in your browser or using our cookie consent tools (if applicable).
10. Detailed information on how to change your cookie settings and how to delete them yourself in the most popular web browsers is available in the help section of your web browser and on the following pages (just click on the link):
a) Google Chrome
b) Mozilla Firefox
c) Microsoft Edge
e) Safari macOS
f) Safari iOS/iPad OS
11. Detailed information about the management of cookies on a cell phone or other mobile device should be found in the user manual of the mobile device.