Privacy policy and cookies policy
I. General Provisions
This Privacy Policy defines the manner of collecting, processing, and storing personal data necessary for providing electronic services via the website located at https://rafal-stefanowski.com (the Service).
The Administrator of Users' personal data is Rafał Stefanowski, located at ul. Wrzeciono 59a/5, 01-956 Warsaw (the Administrator).
Personal data is processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: GDPR).
Data collected by the Administrator will be:
-
processed lawfully,
-
processed for specified, explicit purposes and not further processed in a manner that is incompatible with those purposes,
-
adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed,
-
kept for no longer than is necessary for the purposes of processing.
II. Purpose and Legal Basis for Data Processing
-
The Administrator processes personal data necessary for the provision and development of services offered through the Service and its specific functionalities.
-
Personal data will be processed for the following purposes:
-
account registration, user identity verification, and performance of the contract for electronic services according to the Act of 18 July 2002 on the provision of electronic services, particularly by enabling the use of the User's account – based on the acceptance of the Terms of Service (Art. 6(1)(b) GDPR);
-
communication with the User to provide necessary information and build positive and reliable relationships with them, which constitutes the Administrator's legitimate interest (Art. 6(1)(f) GDPR);
-
promotion of the Administrator's and/or their Partners' products and/or services by sending marketing communications (newsletters) via email if the User has consented to receiving such notifications (Art. 6(1)(a) GDPR);
-
providing access to industry news directly related to the Administrator's activities if the User has consented to receiving such notifications via email (Art. 6(1)(a) GDPR);
-
for analytical and statistical purposes based on the Administrator's legitimate interest in verifying User activity and preferences to optimize services, products, and functionalities of the Service (Art. 6(1)(f) GDPR);
-
to establish, assert, or defend against legal claims based on the Administrator's legitimate interest in protecting their rights (Art. 6(1)(f) GDPR).
-
In each of the above cases (paragraph 2), providing data is voluntary but necessary to enter into a contract or use other functionalities of the Service.
III. Period of Personal Data Processing
Personal data will be processed for the duration of a person remaining an active User of the Service (having a User account), and thereafter for the period necessary to comply with legal requirements, pursue or defend against any claims, but not exceeding 3 years from the termination of the contract for electronic services.
Data processed based on consent will be processed until the consent is withdrawn, provided that the withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
IV. Information about Processing
Personal data, depending on the purpose of processing, may be disclosed to:
-
entities associated with the Administrator,
-
entities cooperating with the Administrator,
-
subcontractors, particularly entities providing and managing selected IT systems and solutions,
-
entities handling online payments,
-
courier and postal service providers,
-
legal firms.
Personal data processed by the Administrator will not be transferred outside the European Economic Area or to international organizations.
V. Rights of Data Subjects
Users of the Service have the right to:
-
access their personal data,
-
rectify data,
-
erase data,
-
restrict data processing,
-
data portability,
-
object to processing based on the legitimate interest of the Administrator,
-
withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Users have the right to lodge a complaint with the President of the Office for Personal Data Protection if they believe that the processing of their personal data violates their rights and freedoms.
No automated decision-making, including profiling, occurs during the data processing.
VI. Final Provisions
The Administrator reserves the right to amend this Privacy Policy while ensuring that Users' rights arising from this document are not limited.
Users will be informed of any changes to the Privacy Policy through a notification available on the Service.
Administrator - Rafał Stefanowski
Website - https://rafal-stefanowski.com
Guest - anyone who visits and makes purchases on my website.
Security The Administrator is the controller of the Guest's personal data.
The Guest may provide their data to the Administrator through the Website.
The Administrator guarantees the confidentiality of the data provided.
The Administrator does not disclose the entrusted data to third parties.
The data is collected with care, securely stored, and protected from third parties.
The Guest is entitled to:
-
the right to request access to their personal data, their correction, deletion, or limitation of processing,
-
the right to object to processing,
-
the right to data portability,
-
the right to withdraw consent to the processing of personal data for a specific purpose if previously given,
-
the right to lodge a complaint with the supervisory authority regarding the processing of their personal data.
The Administrator informs that the processing of personal data is entrusted to the following entities: WIX.com
Cookies The Administrator uses cookies, which are small text files stored on the Guest's end device (such as a computer, tablet, smartphone). Cookies can be read by the Administrator's IT system.
Storing cookies on the Guest's end device by the Administrator allows access to the information contained in them for statistical, marketing (remarketing), and website functionality purposes.
Therefore, the Administrator informs the Guest that they have the option to configure their web browser to prevent the storage of cookies on their end device, i.e., on a computer, smartphone, tablet, or other mobile device. The Administrator also informs the Guest that such actions may hinder the use of the Website.
The Guest can delete files stored by the Administrator by using the appropriate functions of their web browser or other programs or tools they use.
On the website, I use several auxiliary entities:
-
Facebook and Instagram - I display content from social media platforms on the Website, and cookies from Facebook and Instagram are used here.
Logs Logs are auxiliary material for managing the Website by the Administrator.
Logs are not disclosed to anyone other than those authorized to administer the Website.
Logs are recorded and then stored on the server.
Logs are not used to identify the Guest as they are not associated with specific individuals using the website.
Using the Website by the Guest involves sending queries to the server on which the Website is stored, including information about the browser used by the Guest, the operating system, as well as the User's IP address, date, and server time.
Legal Basis
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, p. 1–88, the "GDPR".