EN 
PL Privacy Policy
Check out ours Privacy Policy.
§1 Personal data administration
1. The administrator of personal data is Z.P.U. STAJDER s.c. , Osieczany 352, 32-400 Myślenice, NIP: 6810006380, e-mail address biuro@stajder.pl, telephone number +48 601 511 571.
2. Kontakt z osobą nadzorującą przetwarzanie danych osobowych w organizacji jest możliwy drogą elektroniczną pod adresem e-mail: biuro@stajder.pl, pisemnie na adres Administratora lub telefonicznie pod numerem telefonu +48 601 511 571.
3. Niniejsza Polityka zawiera zasady dotyczące przetwarzania danych osobowych przez Administratora w Serwisie Internetowym, w tym podstawy, cele i zakres przetwarzania danych osobowych oraz prawa osób, których dane dotyczą.
4. Dane osobowe przetwarzane są przez Administratora zgodnie z obowiązującymi przepisami prawa, w szczególności zgodnie z rozporządzeniem Parlamentu Europejskiego i Rady (UE) 2016/679 z dnia 27 kwietnia 2016 r. w sprawie ochrony osób fizycznych w związku z przetwarzaniem danych osobowych i w sprawie swobodnego przepływu takich danych oraz uchylenia dyrektywy 95/46/WE (ogólne rozporządzenie o ochronie danych) Oficjalny tekst Rozporządzenia RODO: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679.
5. Uprawnienia Użytkownika nie są bezwzględne i nie przysługują w odniesieniu do wszystkich czynności przetwarzania danych osobowych.
§2 Definitions
1. Administrator – Z.P.U. STAJDER s.c. , Osieczany 352, 32-400 Myślenice, NIP: 6810006380, e-mail address biuro@stajder.pl, telephone number +48 601 511 571.
2. Personal data - information about a natural person identified or identifiable by one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, online identifier and information collected via cookies and other similar technology.
3. Policy – this Privacy Policy.
4. GDPR / GDPR Regulation - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27/04/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
5. Website – website run by the Administrator at https://anetamakselan.pl/.
6. User – any natural person visiting the Website or using one or more services or functionalities described in the Policy.
§3 Security
1. The Administrator has implemented appropriate technical and organizational measures to ensure the security of personal data processing, and in particular is responsible and ensures that the data collected by him are:
a. processed in accordance with law;
b. collected for specified, lawful purposes and not subjected to further processing incompatible with these purposes;
c. substantively correct and adequate in relation to the purposes for which they are processed;
d. stored in a form that permits identification of data subjects for no longer than is necessary to achieve the purpose of processing and
e. processed in a way that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures.
§4 Purposes and legal basis for data processing
1. Na podstawie artykuł 6 ust. 1 lit. a) Rozporządzenia RODO (zgody) dane osobowe będą przetwarzane w celach:
a. marketing of products and services of the Administrator and the Administrator's partners, b. sending the Newsletter,
c. moderating content on the Website,
d. saving data in cookies, as well as using cookies for the proper functioning of the Website, e. expressing opinions about a product or service,
f. participation in a webinar or online training,
g. contact via remote communication tools, in particular: telephone, e-mail or application.
2. Pursuant to Article 6(1)(a) b) GDPR Regulation (performance of the contract), daily data will be processed for the purposes of:
a. Performing a sales contract or a contract for the provision of a Service or taking action at the request of the data subject before or after concluding the contract, in particular: the right to warranty, consideration b. Complaints or withdrawal from a distance contract
3. Pursuant to Article 6(1)(a) c) GDPR Regulations (legal obligation imposed on the Administrator), daily data will be processed for the purposes of:
a. Issuing and storing invoices, bills or fulfilling other obligations arising from tax and accounting regulations (archiving obligation regarding accounting documents).
b. Creating registers and other documentation required by the GDPR.
4. Pursuant to Article 6(1)(a) f) GDPR Regulations (legitimate interest of the Administrator), daily data will be processed for the purposes of:
a. Correct implementation of the contract, will be processed for the duration of the contract and the rights arising from it, e.g. the right to make a complaint. Providing data is voluntary, but also necessary.
b. Securing the security of the Website, managing the Website and its proper operation.
c. Conducting statistics and analyzes of traffic on the Website.
d. Direct marketing.
e. Determining claims raised by or against the Administrator.
f. Contact with the User.
g. Website Operation https://oknopiast.pl/.
h. Operating an Instagram account and interacting with Users of the indicated portals.
i. Data may be transferred to the following recipients or categories of recipients of personal data, i.e. courier companies, postal operators, law firms, accounting companies, IT service providers and service providers.
§5 Profiling
1. The GDPR requires the Administrator to provide information about automated decision-making, including profiling, as referred to in Art. 22 section 1 and 4 of the GDPR, and - at least in these cases - important information about the principles of their implementation, as well as the significance and expected consequences of such processing for the data subject. With this in mind, the Administrator provides information regarding possible profiling in this point of the privacy policy.
2. The Administrator may use profiling on the Website for marketing purposes using the personal data provided by the User.
3. The data subject has the right not to be subject to a decision that is based solely on automated processing, including profiling, and produces legal effects concerning him or her or similarly significantly affects him or her.
§6 Personal Data processing period
1. The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, data is processed for the duration of the service provision, until the consent is withdrawn or an effective objection to data processing is raised in cases where the legal basis for data processing is the legitimate interest of the Administrator.
2. The data processing period may be extended if processing is necessary to determine and pursue possible claims or defend against claims, and after that time only if and to the extent required by law. After the processing period, the data is irreversibly deleted or anonymized.
§7 User Rights
1. The user has the following rights in relation to his personal data:
a. access to your personal data,
b. rectification of personal data at any time,
c. deleting your personal data at any time,
d. receiving a copy of your data,
e. restrictions on the processing of personal data,
f. objection to the processing of personal data,
g. transfer of personal data,
h. withdrawal of consent; Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal,
i. objection to the processing of personal data on the basis of the legitimate interest of the Administrator for marketing purposes, direct marketing and for purposes other than marketing,
j. to submit a complaint to the supervisory authority.
§8 Recipients of personal data
1. The Administrator reserves the right to disclose personal data when it results from applicable legal provisions, including the obligation to provide information to the competent administrative or law enforcement authorities.
§9 Transfer of personal data outside the EEA
1. The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers Personal Data outside the EEA only when necessary, in particular when using the services of an international entity. However, it always ensures an appropriate level of protection, primarily through:
a. cooperation with entities processing Personal Data in countries for which an appropriate decision of the European Commission has been issued regarding the assurance of an adequate level of protection of Personal Data;
b. application of binding corporate rules approved by international certification standards and the relevant supervisory authority;
c. application of standard contractual clauses issued by the European Commission pursuant to Art. 46 GDPR.
d. Personal data may also be transferred outside the EEA based on the User's consent. The user is informed about this event in advance.
§10 Security of Personal Data
1. The Administrator conducts risk analysis on an ongoing basis to ensure that Personal Data is processed securely. Through its operation, it ensures, first of all, that only authorized persons have access to the data and only to the extent that it is necessary due to the tasks performed by them.
2. The Administrator is obliged to take all actions permitted by law to ensure that all operations on Personal Data are registered and performed only by an authorized entity.
3. The Administrator is also obliged to ensure that other entities cooperating with the Administrator guarantee the use of appropriate security measures in each case when they process Personal Data at the request of the Administrator.
§11 Changes to the Privacy Policy
1. The policy is constantly verified and updated.
2. The current version of the Policy has been adopted and is valid from January 1, 2025.