Privacy and Cookie Policy (“Privacy Policy”)
This Privacy Policy reflects our commitment to protecting the rights of individuals who visit the website and use the services offered through it. It also fulfills the information obligation set out in Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L119, 4 May 2016, p. 1) (hereinafter referred to as the “GDPR”).The Website Owner places particular importance on respecting the privacy of the Website’s users. Data collected through the Website is protected with special care and secured against unauthorized access. This Privacy Policy is made available to all interested parties. The Website is publicly accessible.
The Website Owner ensures that its primary objective is to provide users of the Website with a level of privacy protection that is at least equivalent to the requirements imposed by applicable law, in particular the GDPR and the Polish Act of 18 July 2002 on the Provision of Electronic Services.
The Website Owner may collect personal data as well as other types of information. Depending on the nature of the data, it is collected either automatically or as a result of actions taken by visitors to the Website.
Any person using the Website in any manner accepts all of the provisions set out in this Privacy Policy. The Website Owner reserves the right to amend this Privacy Policy at any time.
- General information, cookies
- The owner and operator of the website is DIAMOND S.C. Bożena Włodarczyk, Ilona Włodarczyk with its registered office in Warsaw, address: Powsińska 106, 02-903 Warsaw, entered into the register of entrepreneurs of the National Court Register kept by the District Court in , Commercial Division of the National Court Register, under KRS number: , NIP number: 5213312571, REGON number: 015860314. In accordance with the provisions of the GDPR, the website owner is also the Personal Data Administrator of the website users (“Administrator”).
- As part of the performed activities, the Administrator uses cookies in such a way that they observe and analyze traffic on the website pages, as well as undertake remarketing activities, however, within these activities, the Administrator does not process personal data within the meaning of the GDPR.
- The website performs the functions of obtaining information about website users and their behavior in the following way:
- the website automatically collects information contained in cookies.
- through data voluntarily entered by website users in forms available on the website pages.
- through the automatic collection of web server logs by the hosting operator.
- Cookies (so-called “ciasteczka”) constitute IT data, in particular text files, which are stored in the final device of the website user and are intended for using the website’s pages. Cookies usually contain the name of the website they come from, the storage time on the final device, and a unique number.
- During a visit to the website, website users’ data regarding a given user’s visit to the website may be collected automatically, including, among others, IP address, web browser type, domain name, number of page views, operating system type, visits, screen resolution, number of screen colors, addresses of websites from which the website was accessed, and time of website use. This data is not personal data, nor does it allow for the identification of the person using the website.
- There may be links to other websites within the website. The website owner is not responsible for the privacy policies applicable on those websites. At the same time, the website owner encourages the website user to read the privacy policy established within those websites. This Privacy Policy does not apply to other websites.
- The entity placing cookies on the website user’s final device and gaining access to them is the website owner.
- Cookies are used for the purpose of:
- Cookies (so-called “ciasteczka”) constitute IT data, in particular text files, which are stored in the final device of the website user and are intended for using the website’s pages. Cookies usually contain the name of the website they come from, the storage time on the final device, and a unique number.
- During a visit to the website, website users’ data regarding a given user’s visit to the website may be collected automatically, including, among others, IP address, web browser type, domain name, number of page views, operating system type, visits, screen resolution, number of screen colors, addresses of websites from which the website was accessed, and time of website use. This data is not personal data, nor does it allow for the identification of the person using the website.
- There may be links to other websites within the website. The website owner is not responsible for the privacy policies applicable on those websites. At the same time, the website owner encourages the website user to read the privacy policy established within those websites. This Privacy Policy does not apply to other websites.
- The entity placing cookies on the website user’s final device and gaining access to them is the website owner.
- Cookies are used for the purpose of:
- adjusting the content of the website pages to the website user’s preferences and optimizing the use of websites; in particular, these files allow for the recognition of the website user’s device and the appropriate display of the website, tailored to their individual needs,
- creating statistics that help to understand how website users use the websites, which allows for improving their structure and content,
- maintaining the website user’s session (after logging in), thanks to which they do not have to re-enter their login and password on each subpage of the website.
- The following types of cookies are used within the website:
- “necessary” cookies, enabling the use of services available within the website, e.g., authenticating cookies,
- cookies used to ensure security, e.g., used to detect fraud,
- “performance” cookies, used to obtain information about how website users use the website’s pages,
- “advertising” cookies, enabling the delivery of advertising content to website users more tailored to their interests,
- “functional” cookies, enabling the “remembering” of settings selected by the website user and personalizing the website for the website user, e.g., regarding the selected language.
- Two basic types of cookies are used within the website: “session” cookies and “persistent” cookies. “Session” cookies are temporary files stored in the final device until leaving the website, logging out by the website user, or turning off the software (web browser). “Persistent” cookies are stored in the website user’s final device for the time specified in the cookie file parameters or until they are deleted by the website user.
- In the vast majority of cases, software used for browsing websites allows the storage of cookies in the website user’s final device by default. Website users have the opportunity to make changes to the cookie settings at any time of their choosing. These settings can be changed in the web browser (software) options, among others, in a way that prevents the automatic handling of cookies or forces the website user to be informed every time cookies are placed on their device. Detailed information about the possibilities and methods of handling cookies is available in the web browser settings.
- Restrictions on the use of cookies may affect some functionalities available on the website pages.
- Cookies placed in the website user’s final device may also be used by advertisers and partners cooperating with the website owner.
- Processing of personal data, information about forms
- Personal data of website users may be processed by the Administrator:
- in the event that the website user consents to it in the forms placed on the website, in order to take actions to which these forms relate (Art. 6(1)(a) of the GDPR) or
- when processing is necessary for the performance of a contract to which the website user is a party (Art. 6(1)(b) of the GDPR), in the event that the website enables the conclusion of a contract between the Administrator and the website user.
- Within the website, personal data is processed, which is provided exclusively on a voluntary basis by the website users. The Administrator processes the personal data of website users solely to the extent necessary for the purposes specified in point 1 letters a and b above and for the period necessary to achieve these purposes, or until the website user withdraws their consent. Failure to provide data by the website user may, in some situations, result in the inability to achieve the purposes for which providing the data is necessary.
- Within the forms placed on the website or for the purpose of executing contracts that may be concluded within the website, the following personal data of the website user may be collected: first name, last name, address, email address, telephone number, login, password.
- The data contained in the forms, provided to the Administrator by the website user, may be transferred by the Administrator to third parties cooperating with the Administrator in connection with the realization of the purposes specified in point 1 letters a and b above.
- Data provided in the forms placed on the website are processed for purposes resulting from the function of a specific form; furthermore, they may also be used by the Administrator for archival and statistical purposes. The consent of the data subject is expressed by ticking the appropriate box in the form.
- The website user, in the event that the website possesses such functionalities, by ticking the appropriate box in the registration form, may refuse or consent to receiving commercial information via means of electronic communication, in accordance with the Act of 18 July 2002 on the Provision of Electronic Services (Journal of Laws of 2002, No. 144, item 1204, as amended). In the event that the website user has consented to receiving commercial information via means of electronic communication, they have the right to withdraw such consent at any time. Exercising the right to withdraw consent to receive commercial information is carried out by sending an appropriate request via email to the address of the website owner, including the first name and last name of the website user.
- Data provided in the forms may be transferred to entities that technically provide certain services – in particular, this applies to transferring information about the registered domain owner to entities that are operators of the internet domain (in particular, the Research and Academic Computer Network – NASK), payment processing services, or other entities with which the Administrator cooperates in this respect.
- Personal data of website users are stored in a database in which technical and organizational measures have been applied to ensure the protection of processed data in accordance with the requirements specified in relevant regulations.
- To prevent the re-registration of individuals whose participation in the website was terminated due to unauthorized use of the website’s services, the Administrator may refuse to delete personal data necessary to block the possibility of re-registration. The legal basis for the refusal is Art. 19(2)(3) in connection with Art. 21(1) of the Act of 18 July 2002 on the Provision of Electronic Services (consolidated text of 15 October 2013, Journal of Laws of 2013, item 1422). The refusal to delete personal data of website users by the Administrator may also occur in other cases provided for by law.
- In cases provided for by law, the Administrator may share part of the website users’ personal data with third parties for purposes related to the protection of third-party rights.
- The Administrator reserves the right to send electronic letters to all website users with notifications about important changes to the website and changes to this Privacy Policy. The Administrator may send electronic letters of a commercial nature, especially advertisements and other content constituting commercial information, provided that the website user has consented to it. Advertisements and other content constituting commercial information may also be attached to letters incoming to and outgoing from the system account.
- Personal data of website users may be processed by the Administrator:
- Rights of website users regarding their personal data. In accordance with Art. 15 – 22 of the GDPR, every website user is entitled to the following rights:
- Right of access by the data subject (Art. 15 GDPR)The data subject has the right to obtain from the Administrator confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, access to the personal data. In accordance with Art. 15, the Administrator shall provide the data subject with a copy of the personal data undergoing processing.
- Right to rectification (Art. 16 GDPR)The data subject has the right to obtain from the Administrator without undue delay the rectification of inaccurate personal data concerning them.
- Right to erasure (“right to be forgotten”) (Art. 17 GDPR)The data subject has the right to obtain from the Administrator the erasure of personal data concerning them without undue delay and the Administrator shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws consent on which the processing is based;
- the data subject objects pursuant to Art. 21(1) to the processing and there are no overriding legitimate grounds for the processing;
- Right to restriction of processing (Art. 18 GDPR)The data subject has the right to obtain from the Administrator restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the data subject, for a period enabling the verification;
- the data subject has objected to processing pursuant to Art. 21(1) pending the verification whether the legitimate grounds of the Administrator override those of the data subject;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- 5. Right to data portability (Art. 20 GDPR)The data subject has the right to receive the personal data concerning them, which they have provided to the Administrator, in a structured, commonly used and machine-readable format and has the right to transmit those data to another administrator without hindrance from the Administrator to which the personal data have been provided. The data subject has the right to have the personal data transmitted directly from one administrator to another, where technically feasible. The right referred to in this point shall not adversely affect the rights and freedoms of others.
- 6. Right to object (Art. 21 GDPR)Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing.
- Server logs
- In accordance with the accepted practice of most websites, the website operator stores HTTP requests directed to the website operator’s server (information about certain behaviors of website users is logged in the server layer). The viewed resources are identified by URL addresses. The exact list of information stored in the web server log files is as follows:
- the public IP address of the computer from which the request came,
- the name of the client station – identification carried out by the HTTP protocol, if possible,
- the username of the website user provided in the authorization (login) process,
- the time of the request’s arrival,
- the HTTP response code,
- the number of bytes sent by the server,
- the URL address of the page previously visited by the website user (referrer link) – in the event that the transition to the website occurred via a link,
- information about the website user’s web browser,
- information about errors that occurred during the execution of the HTTP transaction.
The above data is not associated with specific persons browsing the pages available within the website. In order to ensure the highest quality of the website, the website operator occasionally analyzes log files to determine which pages within the website are visited most frequently, which web browsers are used, whether the structure of the pages contains errors, etc. - The logs collected by the operator are stored for an indefinite period as auxiliary material used for the proper administration of the website. The information contained therein will not be disclosed to any entities other than the operator or entities related to the operator personally, financially, or by contract. Based on the information contained in these files, statistics may be generated to assist in the administration of the website. Summaries containing such statistics do not contain any features identifying visitors to the website.
- In accordance with the accepted practice of most websites, the website operator stores HTTP requests directed to the website operator’s server (information about certain behaviors of website users is logged in the server layer). The viewed resources are identified by URL addresses. The exact list of information stored in the web server log files is as follows: