GDPR
GDPR
Here is a concise and clear summary of the information provided in the Privacy Policy regarding the Data Controller, the purpose and method of processing personal data, and your rights related to this processing, as required by the GDPR information obligation. Details about the processing methods and entities involved in the process are available in the specified policy.
Who is the Data Controller?
The Data Controller (hereinafter referred to as the "Administrator") is the company "Pracownia Znaku Michal Stencel," conducting business at the address: ul. Zaglebiowska 37, 52-007 Wroclaw, Poland with the assigned tax identification number (VAT UE): PL 8992602805, providing electronic services through the Service.
How can you contact the Data Controller?
You can contact the Data Controller using one of the following methods:
- Mailing address - Pracownia Znaku MichalStencel, ul. Zaglebiowska 37, 52-007 Wroclaw, Poland
- Email address - contact@businesscardstudio.com
Has the Administrator appointed a Data Protection Officer?
Based on Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer. For matters related to data processing, including personal data, please contact the Administrator directly.
Where do we obtain personal data, and what are their sources?
Data is obtained from the following sources:
- From individuals to whom the data pertains
- In the case of registration using social media platforms, with the explicit informed consent of these individuals, from these social media platforms
What is the scope of the personal data we process?
The Service processes ordinary personal data voluntarily provided by the individuals to whom they pertain (e.g., name, username, email address, phone number, IP address, etc.). The detailed scope of processed data is available in the Privacy Policy.
What are the purposes of processing our data?
The personal data voluntarily provided by Users are processed for one of the following purposes:
- Providing electronic services: User account registration and maintenance services within the Service and related functionalities, Newsletter services (including sending promotional content with consent), Communication by the Administrator with Users regarding the Service and data protection, Ensuring the legitimate interests of the Administrator
What is the legal basis for data processing?
The Service collects and processes User data based on:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) Article 6(1)(a): The data subject has given consent to the processing of their personal data for one or more specific purposes. Article 6(1)(b): Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract. Article 6(1)(f): Processing is necessary for the purposes of legitimate interests pursued by the data controller or a third party.
- The Act of 10 May 2018 on personal data protection (Journal of Laws of 2018, item 1000)
- The Act of 16 July 2004 - Telecommunications Law (Journal of Laws of 2004, No. 171, item 1800)
- The Act of 4 February 1994 on copyright and related rights (Journal of Laws of 1994, No. 24, item 83)
What is the legitimate interest pursued by the Administrator?
For the potential establishment, investigation, or defense against claims, the legal basis for processing is our legitimate interest (Art. 6(1)(f) of the GDPR), which consists of protecting our rights, including but not limited to, assessing the risk of potential customers, evaluating planned marketing campaigns, and conducting direct marketing.
How long do we process personal data?
As a rule, the personal data in question are stored exclusively for the duration of the service provided within the Service by the Administrator. They are deleted or anonymized within 30 days from the end of the service provision (e.g., the deletion of a registered user account, unsubscribing from the Newsletter, etc.).
In exceptional situations, to secure the legitimate interest pursued by the Administrator, this period may be extended. In such a case, the Administrator will store the specified data, from the time of the User's request for deletion, for no longer than 3 years in case of violation or suspicion of violation of the provisions of the service regulations by the person to whom the data pertains.
Who is the recipient of the data, including personal data?
As a rule, the Administrator is the only recipient of the data. However, data processing may be entrusted to other entities providing services to the Administrator to maintain the operation of the Service. Such entities may include:
- Hosting companies providing hosting or related services for the Administrator
- Companies through which the Newsletter service is provided
- Service and IT support companies performing maintenance or responsible for IT infrastructure maintenance
- Online payment intermediaries for goods or services offered within the Service (in the case of making a purchase transaction on the Service)
- Companies responsible for the Administrator's accounting (in the case of making a purchase transaction on the Service)
- Companies responsible for delivering physical products to Users (postal/courier services in the case of making a purchase transaction on the Service)
Will your personal data be transferred outside the European Union?
Personal data will not be transferred outside the European Union unless they have been published as a result of individual User actions (e.g., commenting or posting), which will make the data available to anyone visiting the Service.
Will personal data be used for automated decision-making?
Personal data will not be used for automated decision-making (profiling).
What are your rights related to data processing?
- Right of access to personal data: Users have the right to access their personal data, which is realized upon request submitted to the Administrator.
- Right to rectify personal data: Users have the right to request the Administrator to promptly correct inaccurate or incomplete personal data, which is realized upon request submitted to the Administrator.
- Right to erase personal data: Users have the right to request the Administrator to promptly erase personal data, which is realized upon request submitted to the Administrator. In the case of user accounts, the deletion of data involves anonymizing data that allows user identification. In the case of the Newsletter service, Users have the option to independently delete their personal data by using the link provided in each email.
- Right to restrict the processing of personal data: Users have the right to restrict the processing of personal data in cases specified in Article 18 of the GDPR, including questioning the accuracy of personal data. This right is realized upon request submitted to the Administrator.
- Right to data portability: Users have the right to obtain from the Administrator personal data concerning them in a structured, commonly used, and machine-readable format, which is realized upon request submitted to the Administrator.
- Right to object to the processing of personal data: Users have the right to object to the processing of their personal data in cases specified in Article 21 of the GDPR, which is realized upon request submitted to the Administrator.
- Right to lodge a complaint: Users have the right to lodge a complaint with the supervisory authority responsible for the protection of personal data.
Changes to the Privacy Policy
The Administrator reserves the right to make changes to this Privacy Policy without the obligation to inform Users regarding the use and application of anonymous data or the use of cookies. The Administrator also reserves the right to make changes to this Privacy Policy concerning the processing of Personal Data, which will be communicated to Users with user accounts or subscribed to the Newsletter service via email within 7 days of the policy change. Continued use of the services signifies acknowledgment and acceptance of the introduced Privacy Policy changes. If Users do not agree with the changes, they are obliged to delete their accounts from the Service or unsubscribe from the Newsletter service. The introduced changes to the Privacy Policy will be published on this subpage of the Service and take effect upon publication.