Who is the Data Controller?
The Data Controller (hereinafter referred to as the "Administrator") is the natural person "Paweł Kwiatkowski," residing in Bydgoszcz, providing electronic services through the Service.
How can you contact the Data Controller?
You can contact the Administrator using one of the following methods:
Email address - kontakt@wordpresskwiatkowski.pl
Has the Administrator appointed a Data Protection Officer?
Under Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer.
For matters related to data processing, including personal data, please contact the Administrator directly.
Where do we obtain personal data and what are the sources?
Data is obtained from the following sources:
- From the individuals to whom the data relates
- In the case of registration via social media platforms, with the explicit consent of those individuals, from such social media platforms
What personal data do we process?
The Service processes ordinary personal data voluntarily provided by the individuals concerned
(e.g., name, surname, login, email address, phone number, IP address, etc.)
A detailed list of processed data is available in the Privacy Policy.
What are the purposes of processing personal data?
Personal data voluntarily provided by Users is processed for one of the following purposes:
- Provision of electronic services:
- Registration and maintenance of a User account within the Service and its related functionalities
- Newsletter services (including sending marketing content with consent)
- Communication between the Administrator and Users regarding the Service and data protection
- Ensuring the legitimate interests of the Administrator
What are the legal bases for data processing?
The Service collects and processes Users’ data based on:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR)
- Art. 6(1)(a)
The data subject has given consent to the processing of their personal data for one or more specific purposes - Art. 6(1)(b)
Processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract - Art. 6(1)(f)
Processing is necessary for the purposes of the legitimate interests pursued by the administrator or by a third party
- Art. 6(1)(a)
- Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws 2018, item 1000)
- Act of 16 July 2004 - Telecommunications Law (Journal of Laws 2004, No. 171, item 1800)
- Act of 4 February 1994 on Copyright and Related Rights (Journal of Laws 1994, No. 24, item 83)
What is the Administrator’s legitimate interest?
- For the purposes of establishing, asserting, or defending against claims – the legal basis for processing is our legitimate interest (Art. 6(1)(f) GDPR) in protecting our rights, including but not limited to:
- Assessing potential customer risk
- Evaluating planned marketing campaigns
- Carrying out direct marketing
How long do we process personal data?
As a rule, personal data is stored only for the duration of the service provided by the Administrator within the Service. Data is deleted or anonymized within 30 days from the termination of the service (e.g., deletion of a registered user account, removal from the Newsletter list, etc.).
In exceptional cases, to safeguard the legally justified interests of the Administrator, this period may be extended. In such cases, the Administrator will store the data, from the moment the User requests its deletion, for no longer than 3 years in cases of violation or suspected violation of the Service Terms by the individual concerned.
Who are the recipients of personal data?
As a rule, the only recipient of data is the Administrator.
However, data processing may be entrusted to other entities providing services to the Administrator to maintain the Service’s operation.
Such entities may include, for example:
- Hosting companies providing hosting or related services to the Administrator
- Companies through which the Newsletter service is provided
Will your personal data be transferred outside the European Union?
Personal data will not be transferred outside the European Union, unless published as a result of the individual User’s actions (e.g., posting a comment or entry), making the data accessible to any visitor of the Service.
Will personal data be used for automated decision-making?
Personal data will not be used for automated decision-making (profiling).
What rights do you have regarding personal data processing?
Right of access to personal data
Users have the right to access their personal data, exercised upon request submitted to the Administrator.Right to rectification
Users have the right to request immediate correction of inaccurate personal data or completion of incomplete data, exercised upon request submitted to the Administrator.Right to erasure
Users have the right to request immediate deletion of personal data, exercised upon request submitted to the Administrator.
For user accounts, deletion involves anonymization of data that allows identification of the User.
For the Newsletter service, Users can delete their personal data themselves using the link provided in each email message.Right to restriction of processing
Users have the right to restrict the processing of personal data in cases specified in Article 18 of the GDPR, e.g., disputing the accuracy of the data, exercised upon request submitted to the Administrator.Right to data portability
Users have the right to receive their personal data in a structured, commonly used, and machine-readable format, exercised upon request submitted to the Administrator.Right to object
Users have the right to object to the processing of their personal data in cases specified in Article 21 of the GDPR, exercised upon request submitted to the Administrator.Right to lodge a complaint
Users have the right to lodge a complaint with the supervisory authority responsible for personal data protection.