This Privacy Policy (“Policy”) specifies the terms and conditions of processing personal data of the users of kiry9.pl website (“Users”, “Website”) and other persons as designated herein by Anna Styrczula, conducting business under the name Anna Styrczula, Kiry 9, 34-511 Kościelisko, NIP (Tax Identification No.): 7361677495 (“Data Controller”).

I. PERSONAL DATA PROCESSING

  1. [Data Controller] The Controller of your personal data is Anna Styrczula, conducting business under the name Anna Styrczula, Kiry 9, 34-511 Kościelisko, NIP (Tax Identification No.): 7361677495, acting as the Service Provider of the Website. The Data Controller can be contacted via e-mail at kiry9.pokoje@gmail.com or by traditional mail sent to Kiry 9, 34-511 Kościelisko, with the note “GDPR”.
  2. [Purpose of data processing] Your personal data will be processed for the following purposes:
    a) in order to execute the agreement with the Data Controller;
    b) in order to comply with Data Controller’s legal obligations, in particular arising from the applicable tax laws and accounting regulations;
    c) for purposes arising from the Data Controller’s legitimate interests, in particular to maintain contact with you before entering the agreement, as well as during the term of the agreement and after the expiration thereof;
    d) in order to establish, exercise or defend any legal claims;
    e) in relation to the conducted business activities, in particular for analytical and statistic purposes, as well as for marketing purposes;
    f) archiving;
    g) in order to execute the electronic services agreement through the website at kiry9.pl;
    h) for analytical and statistic purposes in order to improve the functionalities and services provided via the Website, ensure the proper operation of the Website and clarify any unauthorized use of the Website, in accordance with the Data Controller’s legitimate interests;
    i) in order to respond to inquiries submitted via the contact form available at kiry9.pl, and to ensure contact with you, in accordance with the Data Controller’s legitimate interests.
  3. [Legal basis for personal data processing] The legal basis for processing your personal data is as follows:
    a) executing the agreement to which you are a party or undertaking actions at your request before entering into the agreement; [Article 6 sec. 1 letter b) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter: “GDPR”];
    b) compliance with the Data Controller’s legal obligations [Article 6 sec. 1 letter c) of GDPR];
    c) Data Controller’s legitimate interest [Article 6 sec. 1 letter f) of GDPR];
    d) consent, if given [Article 6 sec. 1 letter a) of GDPR].
  4. [Transfer of personal data] Your personal data may be received, only if necessary and to the minimum required extent, by entities working with the Data Controller with respect to the services provided to the Data Controller and supporting the Data Controller’s ongoing business processes, in particular by entities providing IT, marketing, legal, shipping and agency services.
  5. [Voluntary provision] Providing your personal data is always voluntary, but necessary for the Data Controller to be able to perform the given activity (in particular to contact you and present its offering).
  6. [Duration of personal data processing] The duration of processing of your personal data depends on the purpose of processing. The duration of storage of your personal data is calculated according to the following criteria:
    a) If data is processed on the basis of your freely given consent, the data will be stored until you withdraw your consent. The personal data processing consent may be withdrawn at any time.
    b) If personal data processing is necessary to execute an agreement to which you are party or to undertake actions at your request before entering into the agreement, your personal data will be processed throughout the term of the agreement and after the expiration thereof, for the limitation period of any claims, arising from the generally applicable provisions of the law.
    c) If personal data processing is necessary for the Data Controller to comply with a legal obligation, your personal data will be processed for the period arising from the generally applicable provisions of the law.
    d) If personal data processing is necessary for the purposes arising from the legitimate interests of the Data Controller or a third party, your personal data will be processed for the period not longer than necessary for the purposes, for which the data are processed, or until an objection is filed against the processing of personal data to the extent related to those purposes, for reasons arising from your specific situation, unless the Data Controller is able to demonstrate a legitimate basis for data processing that overrides your interests, rights and freedoms, or a basis for the establishment, exercise or defence of legal claims.
    e) If personal data are processed for direct marketing purposes, your personal data will be processed until you file an objection against the processing of your data for the purposes of such marketing, including profiling, to the extent that data processing is related to direct marketing.
  7. [Voluntary provision of personal data] Providing your personal data is voluntary. However, if you do not provide all required personal data, this will make it impossible to enter into the agreement and consequently prevent the Data Controller from providing or performing services to or for you.
  8. [Your rights] You have the right to:
    a) access your personal data,
    b) rectify your personal data,
    c) have your personal data erased if:
    d) restrict processing of your personal data,
    e) transfer your data,
    f) object against processing of your personal data,
    g) lodge a complaint with the relevant personal data protection authority – the President of Personal Data Protection Office (UODO).

II. EXERCISING YOUR RIGHTS

  1. Each natural person (hereinafter: “Applicant”) may request the Data Controller to exercise their rights specified in detail in chapter I item 8 hereof.
  2. The requests will be carried out by the Data Controller in accordance with the relevant provisions of GDPR.
  3. You can submit your request to kiry9.pokoje@gmail.com.
  4. If the Data Controller is not processing the Applicant’s data (with the exception of processing of personal data for the purposes of the request itself), the Applicant shall be notified and the Applicant’s personal data acquired as a result of submitting the request will be immediately erased.
  5. The Data Controller may each time verify the Applicant’s identity. If the Applicant’s identity cannot be effectively confirmed due to reasons attributable to the Applicant, the Data Controller may refuse to carry out the request, of which the Applicant shall be immediately notified.
  6. The Data Controller shall respond to the Applicant’s request not later than within 30 days from the date of reception of the request. In complex cases or if significant effort is necessary to process the request, the response deadline may be extended by 2 months, of which the Applicant shall be notified.

III. COOKIES AND SYSTEM LOGS

  1. When the Website is accessed, the system logs receive information on the User’s number (including IP) and type of end device used to access the Website. As a result, the Data Controller also processes data related to the number (including IP) and type of the User’s end device, as well as the connection time and other operational data related to the User’s activity on the Website. The data are processed in particular for technical purposes and to collect general statistics.
  2. During the first visit to the kiry9.pl Website, the User receives the cookie notice (cookies are small text files uploaded to the User’s device to identify them in order to simplify or cancel the given operation). Accepting the cookie notice or otherwise accessing the Website (by clicking the “X” icon in the top right corner) shall be equivalent to consenting to the use of cookies in accordance with this Privacy Policy.
  3. The Data Controller may use cookies to collect information related to the use of the Website by the User. Cookies enable maintaining the User’s session, adjusting the Website to the User’s needs and generating statistics on the impressions of Website pages.
  4. You may change the cookie settings at any time. To do this, you will need to change the relevant browser settings related to cookies. The settings may be changed to block automatic use of cookies in the browser options or to display notification every time cookies are uploaded to the User’s device. Detailed information on the options and handling of cookies are available in the software settings of the given web browser.