Legal document

Privacy policy

Last modified: 16 July 2024

  1. This Privacy Policy sets out the rules for processing personal data collected through the website fadok.pl (hereinafter the "Website").
  2. The Website is owned and the data controller is Aleksandra Kaller Business Solution, NIP 8431604445 (hereinafter the Controller).
  3. Personal data collected by the Controller through the Website is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, "GDPR").
  4. The Controller takes particular care to respect the privacy of clients visiting the Website.

§ 1 Categories of data, purposes, and legal basis

  1. The Controller collects information about natural persons performing legal acts not directly related to their business, natural persons running their own business or professional activity, and natural persons representing legal entities or organisational units without legal personality to which the law grants legal capacity, conducting business or professional activity in their own name (jointly referred to as "Clients").
  2. Personal data is collected when Clients use the Website's contact form, for the purpose of providing an electronically supplied service. Legal basis: necessity for steps prior to entering into a contract for the provision of the contact-form service (art. 6(1)(b) GDPR), or the legitimate interest of the Controller in replying to enquiries (art. 6(1)(f) GDPR).
  3. When using the contact form, the Client provides the following data: email address, full name, phone number (optional), and the content of the message.
  4. Additional information may be collected during use of the Website, in particular: the IP address assigned to the Client's computer or the external IP address of the internet service provider, domain name, browser type, access time, and operating system type.
  5. Navigational data may also be collected, including information about links and references that the Client clicks or other actions taken on the Website. Legal basis: legitimate interest (art. 6(1)(f) GDPR), to facilitate the use of services provided electronically and to improve their functionality.
  6. Providing personal data to the Controller is voluntary.

§ 2 Data recipients and retention

  1. Client personal data is shared with service providers used by the Controller in operating the Website. Depending on the contractual arrangement and circumstances, these providers either follow the Controller's instructions on the purposes and means of processing (processors) or independently determine those purposes and means (controllers).
    1. Processors. The Controller engages providers that process personal data solely on its instructions. These include the hosting provider (Vercel Inc., USA — under standard contractual clauses), the transactional email provider (Resend Inc., USA — same basis), accounting services, and analytics tools for site traffic.
    2. Controllers. The Controller also engages providers that do not act solely on instruction and independently determine the purposes and means of processing Client personal data. These provide electronic-payment and banking services.
  2. Location. Service providers are primarily based in Poland and other countries of the European Economic Area (EEA). Some providers (e.g. Vercel Inc. and Resend Inc.) are based in the United States — in such cases, transfers take place under standard contractual clauses approved by the European Commission.
  3. Client personal data is retained:
    1. Where processing is based on consent — for as long as consent is not withdrawn, and after withdrawal for the period equivalent to the limitation period for claims.
    2. Where processing is based on the performance of a contract or steps taken before its conclusion — for as long as necessary to perform the contract, and after that period until the limitation period for any claims expires. As a rule — up to 3 years from the last contact.
  4. On request, the Controller will share personal data with authorised public bodies, in particular the Prosecutor's Office, the Police, the President of the Personal Data Protection Office, the President of the Office for Competition and Consumer Protection, or the President of the Office of Electronic Communications.

§ 3 Cookies and IP address

  1. The Website uses small files known as cookies. They are stored by the Controller on the device of the person visiting the Website, provided the browser allows it. A cookie file usually contains the domain name it originates from, its expiry time, and a unique randomly chosen number identifying that file.
  2. The Controller uses two types of cookies:
    1. Session cookies — once the browser session ends or the computer is shut down, the stored information is removed from the device's memory.
    2. Persistent cookies — stored in the memory of the Client's end device and remain there until they are deleted or expire.
  3. The cookie mechanism is safe for Client computers. Clients can limit or disable cookie access to their computers in their browser settings. Doing so does not restrict the use of the Website.
  4. The Controller may collect Client IP addresses for technical purposes — diagnosing server issues, building statistics, and security.

§ 4 Rights of data subjects

Every data subject has:

  • the right of access to their personal data (art. 15 GDPR),
  • the right to rectification (art. 16 GDPR),
  • the right to erasure (the right to be forgotten, art. 17 GDPR),
  • the right to restriction of processing (art. 18 GDPR),
  • the right to data portability (art. 20 GDPR),
  • the right to object to processing (art. 21 GDPR),
  • the right to withdraw consent at any time, where processing is based on consent (art. 7(3) GDPR),
  • the right to lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, Poland).

Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The above rights can be exercised by contacting the Controller at: aleksandra.kaller@wp.pl. The Controller will respond to the request without undue delay, and no later than within one month of receipt.

§ 5 Changes to the privacy policy

  1. The Privacy Policy may be amended. The Controller will notify clients of material changes affecting personal data processing by updating this page with the date of the last modification. We recommend reviewing the Policy from time to time.
  2. Questions about the Privacy Policy can be sent to: aleksandra.kaller@wp.pl.
  3. Last modified: 16 July 2024