Who is the Data Controller?
The Data Controller (hereinafter referred to as the “Controller”) is the natural person "Paweł Kwiatkowski" residing in Bydgoszcz, providing electronic services via the Website.
How can you contact the Data Controller?
You can contact the Controller in one of the following ways:
Email address - kontakt@wordpresskwiatkowski.pl
Has the Controller appointed a Data Protection Officer?
Based on Article 37 of the GDPR, the Controller has not appointed a Data Protection Officer.
For matters related to data processing, including personal data, you should contact the Controller directly.
Where do we obtain personal data and what are the sources?
Data is obtained from the following sources:
- From the individuals to whom the data relates
- In case of registration via social media portals, with the explicit consent of these individuals, from these social media portals
What is the scope of personal data we process?
The Website processes basic personal data voluntarily provided by the individuals concerned
(e.g., name and surname, login, email address, phone number, IP address, etc.)
The detailed scope of processed data is available in the Privacy Policy.
What are the purposes of our data processing?
Personal data voluntarily provided by Users is processed for one of the following purposes:
- Provision of electronic services:
- Registration and maintenance of a User account on the Website and related functionalities
- Newsletter services (including sending advertising content with consent)
- Communication between the Controller and Users regarding the Website and data protection
- Ensuring the legally justified interest of the Controller
What are the legal bases for data processing?
The Website collects and processes User data based on:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation – GDPR)
- Art. 6(1)(a) – the data subject has given consent to the processing of personal data for one or more specific purposes
- Art. 6(1)(b) – processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract
- Art. 6(1)(f) – processing is necessary for the purposes of legitimate interests pursued by the controller or a third party
- Act of 10 May 2018 on the protection of personal data (Journal of Laws 2018, item 1000)
- Act of 16 July 2004 – Telecommunications Law (Journal of Laws 2004, No. 171, item 1800)
- Act of 4 February 1994 on copyright and related rights (Journal of Laws 1994, No. 24, item 83)
What is the legally justified interest pursued by the Controller?
- For the purpose of establishing, asserting, or defending claims – the legal basis for processing is our legitimate interest (Art. 6(1)(f) GDPR), which involves protecting our rights, including:
- Assessing the risk of potential clients
- Evaluating planned marketing campaigns
- Conducting direct marketing
For how long do we process personal data?
As a rule, the specified personal data is stored only for the duration of the service provided via the Website by the Controller. It is deleted or anonymized within 30 days after the end of the service (e.g., deletion of a registered user account, unsubscribing from the Newsletter, etc.).
In exceptional cases, in order to protect the legally justified interest of the Controller, this period may be extended. In such a case, the Controller will store the data, from the moment of the User's request for deletion, for no longer than 3 years in case of a violation or suspected violation of the Website's terms by the data subject.
Who are the recipients of the data, including personal data?
As a rule, the only recipient of the data is the Controller.
However, data processing may be entrusted to other entities providing services to the Controller in order to maintain the Website’s operation.
Such entities may include, among others:
- Hosting companies providing hosting or related services for the Controller
- Companies providing the Newsletter service
Will your personal data be transferred outside the European Union?
Personal data will not be transferred outside the European Union, unless it was made public as a result of individual action by the User (e.g., posting a comment or entry), making the data accessible to anyone visiting the Website.
Will personal data be used for automated decision-making?
Personal data will not be used for automated decision-making (profiling).
What rights do you have regarding the processing of personal data?
Right of access to personal data
Users have the right to access their personal data, exercised upon request to the ControllerRight to rectify personal data
Users have the right to request the Controller to immediately rectify inaccurate personal data or complete incomplete personal data, exercised upon request to the ControllerRight to delete personal data
Users have the right to request the Controller to immediately delete personal data, exercised upon request to the Controller.
For user accounts, data deletion involves anonymization of data identifying the User.
For the Newsletter service, Users can independently delete their personal data using the link provided in every email message.Right to restrict processing of personal data
Users have the right to restrict processing of personal data in cases specified in Art. 18 GDPR, e.g., when disputing the accuracy of personal data, exercised upon request to the ControllerRight to data portability
Users have the right to obtain personal data concerning them in a structured, commonly used, machine-readable format, exercised upon request to the ControllerRight to object to data processing
Users have the right to object to the processing of their personal data in cases specified in Art. 21 GDPR, exercised upon request to the ControllerRight to lodge a complaint
Users have the right to lodge a complaint with the supervisory authority responsible for personal data protection.