Privacy Policy

§1. Data Controller

  1. The data controller within the meaning of Article 4(7) of the Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR) is Hanna Ramashka, conducting business under the name Kubera Group HANNA RAMASHKA, with its registered office at ul. Marszałkowska 87 lok. 133, 00-683 Warsaw, Poland, NIP: 9522155479, REGON: 385281472.
  2. The administrator’s email address is [email protected].
  3. The administrator, in accordance with Article 32(1) GDPR, adheres to the principles of personal data protection and employs appropriate technical and organizational measures to prevent accidental or unlawful destruction, loss, modification, unauthorized disclosure, or unauthorized access to personal data processed in connection with their activities.
  4. Providing personal data by the client is voluntary but necessary to enter into a contract with the data controller.
  5. The data controller processes personal data to the extent necessary for the performance of the contract or the provision of services to the data subject.

§2. Purpose and Legal Basis for Processing Personal Data

The administrator processes personal data for the following purposes: a) Preparing an offer in response to the client’s interest, which constitutes a legitimate interest of the data controller (Article 6(1)(f) GDPR); b) Entering into and executing contracts with clients, based on the contract (Article

6(1)(b) GDPR); c) Providing electronic services via websites, based on the contract (Article 6(1)(b) GDPR); d) Handling the complaints process, based on a legal obligation of the data controller under applicable laws (Article 6(1)(c) GDPR); e) Accounting related to issuing and receiving settlement documents, based on tax regulations (Article 6(1)(c) GDPR); f) Data archiving for potential claims establishment, pursuit, or defense, or for documenting facts, which constitutes a legitimate interest of the data controller (Article 6(1)(f) GDPR); g) Contacting via phone or email, particularly in response to queries directed to the data controller, which constitutes a legitimate interest of the data controller (Article 6(1)(f) GDPR); h) Sending technical information regarding the operation of the online store and services used by the client, which constitutes a legitimate interest of the data controller (Article 6(1)(f) GDPR); i) Marketing, which constitutes a legitimate interest (Article 6(1) (f) GDPR) or occurs based on prior consent (Article 6(1)(a) GDPR).

§3. Data Recipients and Transfers to Third Countries

  1. Recipients of the personal data processed by the data controller may include entities cooperating with the data controller, where necessary for the execution of the contract with the data subject.
  2. Recipients of the personal data processed by the data controller may also include subcontractors – entities whose services the data controller uses for data processing, such as accounting firms, law offices, and IT service providers (including hosting services).
  3. The data controller may be required to disclose personal data based on applicable laws, particularly to authorized government bodies or institutions.
  4. Personal data, in connection with the use of tools for analyzing and tracking website traffic, may be transferred to entities based outside the European Economic Area, such as Google LLC. As an appropriate data protection measure, the data controller has agreed to standard contractual clauses in accordance with Article 46 GDPR with these service providers. More information on this can be found here: https://commission.europa.eu/law/law-topic/dataprotection_en.

§4. Data Retention Period

  1. The data controller retains personal data for the duration of the contract with the data subject and, after its termination, for purposes related to the pursuit of claims arising from the contract, fulfillment of obligations under applicable laws, but for no longer than the limitation period according to the Civil Code.
  2. The data controller retains personal data on settlement documents for the period specified by the VAT Act and the Accounting Act.
  3. The data controller retains personal data processed for marketing purposes for a period of 10 years, but no longer than until consent for data processing is withdrawn or an objection to processing is raised.
  4. The data controller retains personal data for purposes other than those specified in paragraphs 1-3 for one year, unless consent for data processing is withdrawn earlier, and data processing cannot be continued on any basis other than the data subject’s consent.

§5. Rights of the Data Subject

  1. Every data subject has the right to: a) Access – obtain confirmation from the controller whether their personal data is being processed. If data is being processed, the data subject has the right to access it and obtain the following information: the purposes of processing, categories of personal data, information about the recipients or categories of recipients to whom the data has been or will be disclosed, the period of data retention or the criteria for determining it, the right to request rectification, erasure, or restriction of processing of personal data, and the right to object to such processing (Article 15 GDPR); b) Receive a copy of data – obtain a copy of the personal data being processed, with the first copy being free of charge and subsequent copies subject to a reasonable fee based on administrative costs (Article 15(3) GDPR); c) Rectification – request the rectification of personal data that is inaccurate or incomplete (Article 16 GDPR); d) Erasure – request the erasure of personal data if the data controller no longer has a legal basis for processing or if the data is no longer necessary for processing purposes (Article 17 GDPR); e) Restriction of Processing – request the restriction of processing of personal data (Article 18 GDPR) when:

◦ The data subject contests the accuracy of personal data – for a period allowing the controller to verify its accuracy,

◦ Processing is unlawful, and the data subject opposes its erasure, requesting the restriction of its use,

◦ The controller no longer needs the data, but the data is necessary for the data subject to establish, pursue, or defend legal claims,

◦ The data subject has objected to processing – until it is determined whether the legitimate grounds of the controller override the interests, rights, and freedoms of the data subject; f) Data Portability – receive personal data in a structured, commonly used, and machine-readable format, and request that it be transmitted to another controller, provided the data is processed based on consent or a contract and is processed in an automated manner (Article 20 GDPR); g) Object – object to the processing of personal data based on the controller’s legitimate interests, due to specific circumstances related to the data subject, including profiling. In this case, the controller assesses the existence of compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subject or for establishing, pursuing, or defending claims. If, according to the assessment, the data subject’s interests outweigh the controller’s interests, the controller must cease processing the data for these purposes (Article 21 GDPR).

  1. To exercise the above rights, the data subject should contact the controller using the provided contact details and inform them of which right they wish to exercise and to what extent.
  2. The data subject has the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office in Warsaw.

§6. Profiling

  1. Personal data obtained by the data controller may be processed automatically, including profiling. Profiling by the data controller involves evaluating selected information about the data subject for the purposes of analyzing and predicting personal preferences and interests, particularly for the purpose of providing personalized offers to the data subject.
  2. Automated processing by the data controller does not result in legal effects for the data subject. The data subject may object at any time to automated data processing.

§7. Google Analytics

  1. The administrator uses Google Analytics, an internet analytics service provided by Google Inc. based in the USA.
  2. Google Analytics uses cookies to analyze user activity on the website. Information generated by cookies about website usage is transmitted to and stored on Google servers. On behalf of the administrator, Google will use this information to analyze website usage by users, prepare reports on website activity, and provide other services related to website and internet usage for the administrator.
  3. Data will not be used to identify any individual.
  4. Users can prevent cookies from being saved by adjusting their browser settings; however, this may limit the full functionality of the website. Additionally, users can prevent Google from collecting data generated by cookies and related to their use of the website (including IP address) and processing such data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=pl.
  5. At any time, users can object to the collection and processing of data related to their use of Google’s website by downloading and installing the plugin available at: https:// google.com/dlpage/gaoptout?hl=en.

§8. HotJar

  1. The administrator uses the HotJar analytical tool, which tracks user behavior on the administrator’s websites.
  2. HotJar collects non-personal data, including standard internet protocol data and behavior patterns when a user visits the website. This aims to enhance user convenience, determine preferences, diagnose technical issues, analyze events, and improve the website. The following information is collected regarding the device and browser: device IP address (collected and stored anonymously), screen resolution, device type (device identifiers), operating system, and browser type, geographical location (country only), preferred language when displaying the website. The following information is collected regarding user interactions: mouse handling (movements, position, and clicks), keyboard inputs.
  3. HotJar also collects login data randomly gathered by the website: indicating the domain, visited pages, geographical location (country only), preferred language, date and time when pages were viewed.
  4. By visiting https://www.hotjar.com/opt-outand clicking “Disable HotJar,” users can opt out of HotJar data collection during their website visits at any time.

Cookies Policy

1. Automatic Data Collection

◦ The Portal does not automatically collect any information except for information contained in cookies.

  1. What Are Cookies?

◦ Cookies (also known as “cookies”) are data files, particularly text files, that are stored on the User’s device and are used to access the Portal’s websites. Cookies usually contain the name of the website from which they originate, the duration they are stored on the device, and a unique number.

3. Cookie Placement and Access

◦ The entity placing cookies on the User’s device and accessing them is Kubera Group

HANNA RAMASHKA.

4. Purpose of Cookies

Content Personalization: Cookies are used to adapt the content of the Portal’s websites to the User’s preferences and optimize website usage. They help recognize the User’s device and appropriately display the website tailored to their individual needs.

Statistical Analysis: Cookies help create statistics that show how Users interact with the websites, allowing for improvements in their structure and content.

Session Maintenance: Cookies are used to maintain the User’s session.

5. Types of Cookies Used

“Session” and “Persistent” Cookies: “Session” cookies are temporary files stored on the User’s device until they log out, leave the website, or close their browser. “Persistent” cookies are stored on the User’s device for a period defined in the cookie parameters or until they are deleted by the User.

“Necessary” Cookies: These cookies are essential for using the services available on the Portal, such as authentication cookies used for services requiring login.

Security Cookies: Used to ensure security, such as detecting authentication abuse within the Portal.

“Performance” Cookies: Collect information on how the Portal’s websites are used.

“Functional” Cookies: Allow for the “remembering” of selected settings by the User and the personalization of the User interface, such as the selected language or region, font size, website appearance, etc.

“Advertising” Cookies: Enable the delivery of advertising content more tailored to the User’s interests.

6. Managing Cookies

◦ Most web browsers are set to accept cookies by default. Users can change their cookie settings at any time, including blocking automatic handling of cookies in their browser settings or being notified about each placement of cookies on their device.

Detailed information on managing cookies is available in the browser settings.

◦ The service provider informs that limiting the use of cookies may affect some functionalities available on the Portal.