Privacy Policy

I. GENERAL PROVISIONS

  1. The Service does not automatically collect any information, except for information contained in cookies.
  2. The administrator of your personal data is cyberstudio sp. z o. o., located at Żelazna 17d, 40-851 Katowice, KRS 0000199999, NIP 6341004870, REGON 2722515470 (hereinafter referred to as the "Administrator"). The Administrator can be contacted via email at [email protected].
  3. The Administrator reserves the right to make changes to this Policy, and each User of the Service is obliged to be familiar with the provisions of the current Policy. Changes may be prompted by the development of internet technology, changes in generally applicable law, or the development of the Service through the implementation of new functionalities by the Administrator. Changes will be communicated to Users of the Service by posting the updated version on the Service or in a manner customarily used by the Administrator in communication with Users, including via email.

 

II. PROCESSING OF PERSONAL DATA IN CONNECTION WITH THE USE OF THE SERVICE

In connection with the User's use of the Service, the Administrator collects data to the extent necessary to provide the offered services. Below are detailed rules and purposes of processing personal data collected during the use of the Service by the User.

 

Purpose of Processing Personal Data

Legal Basis and Data Retention Period

Taking actions necessary to conclude and perform the contract

Legal basis: Art. 6(1)(b) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter "RODO") – performance of the contract.

 

Period of processing: for the duration of the contract and for the period resulting from legal regulations relating to the obligation to retain accounting documents, as well as for the period of limitation of potential claims.

Fulfilling the Administrator's obligations resulting from legal regulations, in particular related to accounting and bookkeeping

Legal basis: Art. 6(1)(c) RODO – legal obligation.

 

Period of processing: Data are processed for the period specified by applicable law. In the case of accounting and bookkeeping, this period is generally 5 years from the end of the year in which the event related to the issuance of the accounting document occurred.

Conducting correspondence, resolving issues, including responding to questions via the contact form provided in the Service

Legal basis: Art. 6(1)(f) RODO – legitimate interest of the Administrator.

 

Period of processing: no longer than necessary to provide a response and/or resolve the issue, with the provision that after this period, the data may be processed for the limitation period of potential claims.

Analyzing network traffic, ensuring security within the Service, and adapting content to User needs

Legal basis: Art. 6(1)(f) RODO – legitimate interest of the Administrator.

 

Period of processing: Data related to network traffic analysis collected via cookies and similar technologies may be stored until the cookie expires. Some cookies never expire, so the data storage time will be equivalent to the time necessary for the Administrator to achieve the purposes related to data collection, such as ensuring security and analyzing historical data related to website traffic.

Establishing, pursuing, and defending against claims

Legal basis: Art. 6(1)(f) RODO – legitimate interest of the Administrator.

 

Period of processing: until the limitation period of potential legal claims.

 

Voluntary Provision of Data:

Providing data is voluntary but necessary for the execution of the contract and other purposes specified above by the Administrator. Refusal to provide data may result in the inability to execute the specified processing purposes.

Profiling

The Administrator will not use the obtained User data to make decisions based solely on automated processing, including profiling as understood in Art. 22 RODO.

Data Recipients

The Administrator may share processed User data of the Service with:

  • Its employees and collaborators who may have access to User data within a specified, limited authorization scope related to their job duties.
  • External entities to whom the Administrator has entrusted the processing of personal data of Service Users, particularly: technical service providers (i.e., IT services, system providers), etc.
  • Authorized entities, to the extent and on the principles specified by law.

 

Transfer of Data to Third Countries

As a rule, Users' personal data will not be transferred outside the European Economic Area (EEA). However, considering the provision of services by our subcontractors in support of teleinformatics services and IT infrastructure, the Administrator may commission certain tasks or IT activities to recognized subcontractors operating outside the EEA, which may result in the transfer of User data outside the EEA. Countries outside the EEA ensure an adequate level of personal data protection in line with EEA standards. For recipients in territories not covered by the European Commission's decision, to ensure an adequate level of this protection, the Administrator or the entity acting on behalf of the Administrator concludes agreements with the recipients of personal data based on standard contractual clauses issued by the European Commission or applies other appropriate and suitable safeguards required by data protection regulations.

 

Rights Related to Processing

The RODO specifies certain rights granted to individuals concerning the processing of their personal data by data controllers. Accordingly, Users of the Service have the right to:

  • Access their personal data and obtain a copy (Art. 15 RODO).
  • Rectify or update their personal data (Art. 16 RODO).
  • Erase their personal data (Art. 17 RODO).
  • Restrict the processing of personal data (Art. 18 RODO).
  • Withdraw consent (Art. 7(3) RODO) – withdrawal of consent does not affect the legality of processing based on consent before its withdrawal.
  • Object to the processing when the legal basis is the legitimate interest of the administrator (Art. 21 RODO).
  • Lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw) if there is a suspicion that the processing of data by the Administrator violates RODO regulations.

To exercise these rights, please contact the Administrator via email at [email protected] or by mail at the address provided above.

Please note that the rights listed above are not absolute and may not apply in every case of User data processing by the Administrator. Before exercising these rights, the Administrator is required to verify the identity of the person making the request as the data subject of the personal data in question.

 

III. PROCESSING OF PERSONAL DATA VIA SOCIAL MEDIA [FACEBOOK, INSTAGRAM]

In connection with the User's use of Social Media, such as:

The Administrator processes Users' personal data.

Detailed rules and purposes of personal data processing collected during the use of Social Media by the User are described below.

Purpose of Processing Personal Data

Legal Basis and Data Retention Period

Effectively managing profiles on Social Media, particularly by providing Users with information about products, initiatives, and other activities related to promoting various events, services, and products

Legal basis: Art. 6(1)(f) RODO – legitimate interest of the Administrator.

Period of processing: no longer than necessary to provide a response and/or resolve the issue, with the provision that after this period, the data may be processed for the limitation period of potential claims. Processing may also continue until an objection is lodged (or the user account is deleted on Social Media).

Enabling activity on the Administrator's profiles, particularly by conducting correspondence through services offered by Social Media providers (e.g., private messages, comments, etc.) to resolve issues, including responding to questions

Legal basis: Art. 6(1)(f) RODO – legitimate interest of the Administrator.

Period of processing: until an objection is lodged (or the user account is deleted on Social Media).

Establishing, pursuing, and defending against claims

Legal basis: Art. 6(1)(f) RODO – legitimate interest of the Administrator.

Period of processing: until the limitation period of potential legal claims.

 

 

Voluntary Provision of Data:

Providing data is voluntary but necessary for the execution of the contract and other purposes specified above by the Administrator. Refusal to provide data may result in the inability to execute the specified processing purposes.

Profiling

The Administrator will not use the obtained User data to make decisions based solely on automated processing, including profiling as understood in Art. 22 RODO.

Data Recipients

The catalog of personal data recipients processed by the Administrator depends mainly on the products and services used by the Social Media User and their consent or applicable law provisions. The Administrator may share processed User data with:

  • Its employees and collaborators who may have access to User data within a specified, limited authorization scope related to their job duties.
  • External entities to whom the Administrator has entrusted the processing of personal data of Social Media Users, especially technical service providers (i.e., IT services, system providers), transport companies, debt collection service providers, etc.
  • Authorized entities, to the extent and on the principles specified by law.

Transfer of Data to Third Countries

As a rule, Users' personal data will not be transferred outside the European Economic Area (EEA). However, considering the provision of services by our subcontractors in support of teleinformatics services and IT infrastructure, the Administrator may commission certain tasks or IT activities to recognized subcontractors operating outside the EEA, which may result in the transfer of User data outside the EEA. Countries outside the EEA ensure an adequate level of personal data protection in line with EEA standards. For recipients in territories not covered by the European Commission's decision, to ensure an adequate level of this protection, the Administrator or the entity acting on behalf of the Administrator concludes agreements with the recipients of personal data based on standard contractual clauses issued by the European Commission or applies other appropriate and suitable safeguards required by data protection regulations.

Rights Related to Processing

The RODO specifies certain rights granted to individuals concerning the processing of their personal data by data controllers. Accordingly, Users of the Service have the right to:

  • Access their personal data and obtain a copy (Art. 15 RODO).
  • Rectify or update their personal data (Art. 16 RODO).
  • Erase their personal data (Art. 17 RODO).
  • Restrict the processing of personal data (Art. 18 RODO).
  • Withdraw consent (Art. 7(3) RODO) – withdrawal of consent does not affect the legality of processing based on consent before its withdrawal.
  • Object to the processing when the legal basis is the legitimate interest of the administrator (Art. 21 RODO).
  • Lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw) if there is a suspicion that the processing of data by the Administrator violates RODO regulations.

To exercise these rights, please contact the Administrator via email at [email protected] or by mail at the address provided above.

Please note that the rights listed above are not absolute and may not apply in every case of User data processing by the Administrator. Before exercising these rights, the Administrator is required to verify the identity of the person making the request as the data subject of the personal data in question.

 

Joint Administration of Social Media User Data

The Administrator may process personal data of Users visiting the Administrator's business profiles on Social Media (i.e., Facebook, X, LinkedIn) to analyze how users interact with the Administrator's business profile and related content (e.g., following or unfollowing the Administrator's business profile on a given Social Media platform, recommending the business profile in a post, reacting to the Administrator's publications, etc.) (legal basis: Art. 6(1)(f) RODO – the legitimate interest of the Administrator, which is conducting statistics). In such cases, the Administrator and the owner of the given Social Media platform are joint controllers of the personal data of the users.

Details regarding the processing of personal data of users within this processing are specified:

The responsibility for notifying Users using the products and services of a given Social Media platform about data processing for statistics purposes and enabling them to exercise their rights in accordance with RODO lies with the owner of the given Social Media platform.

 

IV. USE OF COOKIES

  1. The Service does not automatically collect any information, except for information contained in cookies.

  2. Cookies ("cookies") are IT data, primarily text files, stored on your end device (terminal equipment) used to access the Service and allow you to use it. Cookies typically contain the name of the website from which they originate, the storage duration on the end device, and a unique number or signature.

  3. The entity placing cookies on your end device and accessing them is the Administrator.

  4. Cookies are used to:

    • Adjust the content of the Service to the user's preferences and optimize the use of the Service; in particular, these files allow recognizing your device and appropriately displaying the Service in a way tailored to its individual technical needs.
    • Create statistics (including through the use of Google Analytics) that help understand how users use the Service's web pages, which enables improving their structure and content.
    • Display personalized advertisements tailored to Users' interests and online behavior.
    • Verify the effectiveness of advertising and promotional campaigns.
  5. The following types of cookies are used within the Service:

    • "Necessary" cookies, enabling the use of services available within the Service, e.g., authentication cookies used for services requiring authentication within the Service.
    • Security cookies, e.g., used to detect authentication abuses within the Service.
    • "Performance" cookies, enabling the collection of information on how the Service's web pages are used.
    • "Functional" cookies, enabling "remembering" the settings chosen by the user and personalizing the user interface, e.g., regarding the chosen language or region of the user, font size, website appearance, etc.
    • "Advertising" cookies, enabling the delivery of advertising content more tailored to Users' interests.
  6. In many cases, the software used to access the Service (i.e., web browser) by default allows cookies to be stored on the user's end device. You can change the cookie settings at any time. These settings can be changed, in particular, to block the automatic handling of cookies in the web browser settings or to inform about their placement on your device each time. Detailed information about the possibility and ways of handling cookies is available in the software settings (web browser).

  7. The Administrator informs that introducing restrictions on the use of cookies may affect some functionalities available within the Service.

  8. Cookies placed on your end device may also be used by advertisers and partners cooperating with the Service operator.