Hello there!
If you are here, it is a sure sign that you value your privacy. I understand it perfectly and that’s why I am giving you a document in which in one place you will find the rules for the processing of personal data and the use of cookies and other tracking technologies in connection with the functioning of the website https://www.magdalenaolechny.com/.
In the beginning, formal information – the administrator of this site is Magdalena Olechny, VAT EU: PL5472220616; delivery address: al. Armii Krajowej 220 pawilon 2 pok. 202, 43-316 Bielsko-Biała, Poland; e-mail address: contact@magdalenaolechny.com.
This privacy policy is structured in the form of questions and answers. The choice of this form was dictated by the care for transparency and legibility of the information presented to you. Below you will find the table of contents of this policy corresponding to the questions I answer here.
1. Who is the administrator of your personal data?
2. Who can you contact regarding the processing of your personal data?
3. What information do I have about you?
4. Where do I get your personal data from?
5. Is your data safe?
6. For what purposes do I process your personal data?
- User account management – details
- Orders – details
- Complaints and withdrawal from the contract – details
- Newsletter – details
- Comments and opinions about products – details
- Correspondence handling – details
- Tax and accounting obligations – details
- Archive – details
7. How long will I keep your personal data?
8. Who are the recipients of your personal data?
9. Do I transfer your data to third countries or international organizations?
10. Do I use profiling? Do I make automated decisions based on your personal data?
11. What rights do you have in relation to the processing of your personal data?
12. Do I use cookies and what exactly are they?
13. On what basis do I use cookies?
14. Can you disable cookies?
15. For what purposes do I use my own cookies?
16. What third party cookies are used?
- Google Analytics – details
17. Do I track your behavior on my website?
18. Do I use targeted advertising?
19. How can you manage your privacy?
20. What are server logs?
21. Is there anything else you should know?
In case of any doubts related to the privacy policy, you can contact me at any time by sending a message to the following address: contact@magdalenaolechny.com.
1. Who is the administrator of your personal data?
The administrator of your personal data is Magdalena Olechny, VAT EU: PL5472220616; delivery address: al. Armii Krajowej 220 pawilon 2 pok. 202, 43-316 Bielsko-Biała, Poland; e-mail address: contact@magdalenaolechny.com.
2. Who can you contact regarding the processing of your personal data?
As part of the implementation of personal data protection in my business, I have decided not to appoint a personal data protection officer due to the fact that in my situation it is not mandatory. In matters related to the protection of personal data and broadly understood privacy, you can write to me at the e-mail address contact@magdalenaolechny.com.
3. What information do I have about you?
Depending on the purpose, I may process the following information about you:
• first name and last name,
• address,
• business address,
• tax identification number,
• e-mail adress,
• phone number,
• data contained in correspondence addressed to me,
• bank account number,
• IP address,
• image (profile photo)
I have described the scope of the processed data in relation to each processing purpose. Information in this regard can be found in the further part of this policy.
4. Where do I get your personal data from?
In most cases, you pass them on to me yourself. This happens when:
• you place an order,
• you submit complaints or withdraw from the contract,
• you subscribe to the newsletter,
• you add a comment or opinion about a product,
• you contact me.
In addition, some information about you may be automatically collected by the tools I use:
• the website and newsletter system mechanisms collect your IP address,
• the mechanism of the newsletter system collects information about your activity in relation to the content sent to you as part of the newsletter, such as opening messages, clicking on links, etc.
5. Is your data safe?
I care about the security of your personal data. I have analyzed the risks associated with individual data processing processes, and then I have implemented appropriate security and personal data protection measures. I monitor the condition of my technical infrastructure on an ongoing basis, observe the procedures applied, and introduce necessary improvements. If you have any questions regarding your personal data, I am at your disposal at: contact@magdalenaolechny.com.
6. For what purposes do I process your personal data?
There is more than one of these purposes. Below is a list of them, followed by a more detailed discussion. I have also assigned the appropriate legal grounds for processing to the particular purposes.
• user account management – art. 6 ust. 1 lit. b RODO,
• order handling – art. 6 sec. 1 lit. b RODO, • order handling – art. 6 sec. 1 lit. b RODO,
• handling complaints or withdrawing from the contract – art. 6 sec. 1 lit. f RODO,
• sending the newsletter – art. 6 sec. 1 lit. a RODO,
• handling comments or opinions about a product – Art. 6 sec. 1 lit. a RODO,
• handling correspondence – art. 6 sec. 1 lit. f RODO,
• fulfillment of tax and accounting obligations – art. 6 sec. 1 lit. c RODO,
• creating an archive for the possible need to defend, establish or pursue claims, as well as to identify a returning customer – art. 6 sec. 1 lit. f RODO.
User account management – details
When creating a user account, you must provide the data necessary to create an account specified in the registration form. Providing data is a condition for creating an account.
When editing your account details, you can provide further details according to the options available within your account.
In addition, our system used to handle user accounts saves your IP number, which you used when registering a user account.
The data is processed in order to provide you with the user account service. After deleting the user account, the data is archived for the purpose of establishing, pursuing or defending claims related to the user account service.
Orders – details
When placing an order, you must provide the data necessary to complete the order. Depending on the order details, the data catalog may be different. For example, if you order physical products, I need to know the address to which to deliver the order to you. If you are requesting a VAT invoice for a company, I need to know the tax identification number and the business address. Providing data is voluntary, but necessary to place an order.
Each order is saved in my database, which means that your personal data assigned to the order is also accompanied by information about the order, such as ordered products, selected payment method, selected delivery method, payment date.
The data collected in connection with the order are processed in order to perform the contract concluded by placing an order (Article 6 (1) (b) of the GDPR), issuing an invoice (Article 6 (1) (c) of the GDPR in connection with the provisions regulating issuing invoices), including the invoice in the accounting documentation and the fulfillment of other tax and accounting obligations (Article 6 (1) (c) of the GDPR in connection with the provisions governing tax and accounting obligations) and for archival purposes for the purposes of possible defense, establishing or pursuing claims, as well as identifying the returning customer, which is my legitimate interest (Article 6 (1) (f) of the RODO).
Data about orders will be processed for the time necessary to perform the order, and then until the expiry of the limitation period for claims under the contract. Remember also that I am obliged to keep accounting records, which may contain your personal data, for the period required by law.
Complaints and withdrawal from the contract – details
If you submit a complaint or withdraw from the contract, you provide personal data contained in the content of the complaint or the declaration of withdrawal from the contract, which includes your name and surname, address, telephone number, e-mail address, bank account number. Providing data is voluntary, but necessary to submit a complaint or withdraw from the contract.
The data provided to me in connection with the submission of a complaint or withdrawal from the contract are used to implement the complaint procedure or the procedure for withdrawal from the contract, and then for archival purposes, which is my legitimate interest (Article 6 (1) (f) of the RODO).
The data will be processed for the time necessary to implement the complaint procedure or the withdrawal procedure. Complaint documents will be kept until the expiry of the warranty rights. The statements of withdrawal from the contract will be kept together with the accounting documentation for the period required by law.
Newsletter – details
By subscribing to the newsletter, you provide me with your name (optional) and e-mail address. Providing data is voluntary, but necessary (in the case of an e-mail address) to subscribe to the newsletter.
In addition, my system used to handle the newsletter, saves your IP number that you used when subscribing to the newsletter, determines your approximate location, the e-mail client you use to handle e-mail and tracks your actions taken in connection to the news sent to You. Therefore, I also know which messages you have opened, in which messages you clicked on links, etc.
The data provided to me in connection with the subscription to the newsletter is used to send you the newsletter, and the legal basis for their processing is your consent (Article 6 (1) (a) of the RODO) expressed when subscribing to the newsletter. As for the processing of information that does not come from you, and was collected automatically by my mailing system,I rely in this respect on my legitimate interest (Article 6 (1) (f) of the RODO) in analyzing the behavior of newsletter subscribers in in order to optimize mailing activities.
You can unsubscribe from the newsletter at any time by clicking on the dedicated link in each message sent as part of the newsletter or by simply contacting me. Despite unsubscribing from the newsletter, your data will still be stored in my database in order to identify the returning subscriber and possibly defend claims related to sending you the newsletter, in particular to prove that you consent to receiving the newsletter and the moment of its withdrawal, which is my legal legitimate interest referred to in art. 6 sec. 1 lit. f RODO.
You can modify your data provided for the purpose of receiving the newsletter at any time by clicking on the appropriate link visible in each message sent as part of the newsletter or by simply contacting me.
Comments and opinions about products – details
When adding a comment or opinion about a product, you must provide at least a username that will be assigned to the comment or opinion (the name may contain personal data, such as name or surname) and an e-mail address. Providing this data is voluntary, but necessary to add a comment or opinion. You can also add your avatar (it may contain your image, e.g. a photo) and provide your website address, but it is not obligatory.
The data provided in connection with adding a comment or opinion will be processed in order to publish a comment or opinion on the website. The basis for processing is your consent (Article 6 (1) (a)) resulting from sending a form for publishing a comment or opinion. You can withdraw your consent at any time by requesting the removal of your comment or opinion.
Your comment or opinion will be publicly available on the website as long as it is available on the Internet, unless you request removal of the comment or opinion in advance. You can also modify the content of the comment at any time, as well as modify the data assigned to it as the person who added the comment or opinion.
Correspondence handling – details
By contacting me, you naturally provide me with your personal data contained in the correspondence, in particular your e-mail address and name and surname. Providing data is voluntary, but necessary to make contact.
In this case, your data is processed in order to contact you, and the basis for processing is art. 6 sec. 1 lit. f RODO, i.e. my legitimate interest. The legal basis for processing after the end of contact is also my legitimate purpose in the form of archiving correspondence for the purpose of ensuring the possibility of proving certain facts in the future (Article 6 (1) (f) of the RODO).
The content of the correspondence may be archived and I am not able to clearly determine when it will be deleted. You have the right to request a history of correspondence with me (if it was subject to archiving), as well as request its removal, unless its archiving is justified due to my overriding interests, e.g. defense against potential claims on your part.
Tax and accounting obligations – details
If I issue an invoice for you, it is part of the accounting documentation, which will be kept for the period of time required by law. In such a situation, your personal data is processed in order to fulfill my tax and accounting obligations (Article 6 (1) (c) of the RODO regarding the provisions governing tax and accounting obligations).
Archive – details
As part of the description of the individual purposes of personal data processing, which are listed above, I have indicated the dates of personal data storage. These terms are often related to the archiving of certain data by me for the purpose of ensuring the possibility of proving certain facts in the future, reconstructing the course of cooperation with the client, exchanged correspondence, defense, establishing or pursuing claims. In this regard, I rely on my legitimate interest, referred to in art. 6 sec. 1 lit. f RODO.
7. How long will I keep your personal data?
The data storage periods have been indicated separately for each purpose of processing. You will find this information under the details for each processing purpose.
8. Who are the recipients of your personal data?
I will risk saying that modern business cannot do without services provided by third parties. I also use such services. Some of these services are related to the processing of your personal data. External service providers who are involved in the processing of your personal data are:
• hosting provider that stores data on the server,
• cloud computing service provider in which backups that may contain your personal data are stored,
• a print-on-demand company that carries out orders placed by you in this store or after personal contact with me,
• provider of the mailing system in which your data is stored, if you are a newsletter subscriber,
• courier companies that process your data to the extent necessary to deliver your order,
• a law firm that obtains access to data if it is necessary to provide legal assistance to me,
• an entity providing maintenance services that gains access to data, if the technical works carried out relate to areas where personal data are located,
• other subcontractors who gain access to data, if the scope of their activities requires such access.
Your personal data may also be transferred to tax offices to the extent necessary to fulfill tax, settlement and accounting obligations. It concerns in particular all declarations, reports, statements and other accounting documents in which your personal data is located.
In addition, if necessary, your personal data may be made available to entities, authorities or institutions authorized to obtain access to data on the basis of legal provisions, such as the police, security services, courts, prosecutor’s offices.
What’s more, I use tools that collect a lot of information about you related to the use of my website. It concerns, in particular, the following information:
• information about the operating system and the web browser you use,
• viewed subpages,
• time spent on the website,
• transitions between individual subpages,
• clicks on individual links,
• the source from which you go to my website,
• the age range you are in,
• your gender,
• your approximate location limited to the town,
• your interests based on your online activity.
This information in itself is not, in my opinion, personal data. As this information is collected by external tools that I use, this information is also processed by tool providers on the terms resulting from their regulations and privacy policies. Basically, this information is used to provide and improve services, manage them, develop new services, measure the effectiveness of advertisements, protect against fraud and abuse, as well as personalize the content and advertisements displayed on individual websites, sites and applications. I have tried to describe the details in this regard in the further part of this policy, as part of the explanations for individual tools.
9. Do I transfer your data to third countries or international organizations?
Yes, part of the processing of your personal data may involve their transfer to third countries.
I transfer your personal data to third countries in connection with the use of tools that store personal data on servers located in third countries, in particular in the USA. The providers of these tools guarantee an adequate level of protection of personal data through appropriate compliance mechanisms provided for by the GDPR, in particular through the use of standard contractual clauses.
Personal data is stored on servers located in third countries using the following tools:
• Stripe payment processing, the provider of which is Stripe Payments Europe, Ltd., The One Building, Lower Grand Canal St, Dublin 2, Ireland – in terms of all data related to the processing of payments for the order and the possible processing of withdrawals and complaints. Details here: https://stripe.com/en-pl/privacy
I also remind you here that I use external tools that may collect anonymous information about you. I have already mentioned this several times under this policy, including in response to a previous question. The providers of these tools often use servers located around the world, in particular in the United States of America (USA), to store the collected information.
10. Do I use profiling? Do I make automated decisions based on your personal data?
I do not make decisions based solely on automated processing, including profiling, which would have legal effects on you or similarly significantly affect you.
Yes, I use tools that can take specific actions depending on the information collected as part of the tracking mechanisms, but I believe that these actions do not have a significant impact on you because they do not differentiate your situation as a customer, they do not affect the terms of the contract you can to conclude with me, etc.
By using certain tools, I can, for example, direct personalized advertisements to you based on your previous activities on my website or suggest products that may be of interest to you. I am talking about the so-called behavioral advertising. I encourage you to learn more about behavioral advertising, in particular regarding privacy issues. Detailed information, along with the ability to manage your behavioral advertising settings, can be found here: http://www.youronlinechoices.com.
I emphasize that as part of the tools I use, I do not have access to information that would allow your identification. The information I am talking about here is, in particular:
• information about the operating system and the web browser you use,
• viewed by the public,
• time spent on the website,
• transitions between individual subpages,
• the source from which you go to my website,
• the age range you are in,
• your gender,
• Your approximate location limited to the city,
• Your interests based on your online activity.
I do not match the information indicated above with your personal data, which is in our databases. This information is anonymous and does not allow me to identify you. This information is stored on the servers of the suppliers of individual tools, and these servers can most often be located around the world.
11. What rights do you have in relation to the processing of your personal data?
RODO (Polish implementation of GDPR) grants you the following potential rights related to the processing of your personal data:
• the right to access your data and receive a copy of it,
• the right to rectify (correct) your data,
• the right to delete data (if in your opinion there are no grounds for me to process your data, you can request that I delete it),
• the right to limit data processing (you can request that I limit the processing of data only to their storage or performance of activities agreed with you, if, in your opinion, I have incorrect data or I process it unreasonably),
• the right to object to the processing of data (you have the right to object to the processing of data on the basis of a legitimate interest; you should indicate a special situation that, in your opinion, justifies the termination of the processing covered by the objection; I will stop processing your data for these purposes, unless I prove, that the grounds for data processing by me override your rights or that your data is necessary for me to establish, assert or defend claims),
• the right to transfer data (you have the right to receive from me, in a structured, commonly used, machine-readable format, personal data that you provided to me on the basis of a contract or your consent; you can commission me to send this data directly to another entity),
• the right to withdraw consent to the processing of personal data, if you previously gave such consent,
• the right to lodge a complaint with a supervisory authority (if you find that I am processing data unlawfully, you can file a complaint with the the President of the Personal Data Protection Office or another competent supervisory authority).
The rules related to the implementation of the above-mentioned rights are described in detail in Art. 16 – 21 RODO. I encourage you to familiarize yourself with these regulations. For my part, I consider it necessary to explain to you that the above-mentioned rights are not absolute and will not appertain to you in every case of processing of your personal data.
I emphasize that you always have one of the rights indicated above – if you believe that I have violated the provisions on the protection of personal data while processing your personal data, you have the option to lodge a complaint with the supervisory body (the President of the Personal Data Protection Office).
If you would like to contact me directly, please write to contact@magdalenaolechny.com. However, I have made every effort to ensure that the information you are interested in is comprehensively presented in this privacy policy. You can also use the e-mail address provided above if you have any questions related to the processing of your personal data.
12. Do I use cookies and what exactly are they?
My website, like almost all other websites, uses cookies.
Cookies are small text information stored on your end device (e.g. computer, tablet, smartphone), which can be read by my ICT system (own cookies) or ICT systems of third parties (third party cookies). In cookies, specific information can be saved and stored, to which IT systems can then access for specific purposes.
Some of the cookies I use are deleted after the end of the browser session, i.e. after closing it (so-called session cookies). Other cookies are stored on your end device and allow me to recognize your browser the next time you visit the website (persistent cookies).
If you want to learn more about cookies as such, you can see, for example, this material: https://wikipedia.org/wiki/HTTP_cookie.
13. On what basis do I use cookies?
I use cookies based on your consent, except when cookies are necessary for the proper provision of electronic services to you.
Cookies that are not necessary for the proper provision of the electronic service remain blocked until you consent to my use of cookies. During your first visit to my website, I display a message asking for your consent along with the option to manage cookies, i.e. decide which cookies you agree to and which you want to block.
Remember that disabling or limiting the use of cookies may prevent you from using some of the functions available on my website and cause difficulties in using my website, as well as from many other websites that use cookies. For example, if you block cookies from social plug-ins, buttons, widgets and social functions implemented on my website may not be available to you.
14. Can you disable cookies?
Yes, you can manage cookie settings within your web browser. You can block all or selected cookies. You can also block cookies from specific websites. You can also delete previously saved cookies and other site and plug-in data at any time.
Web browsers also offer the option of using incognito mode. You can use it if you do not want information about visited pages and downloaded files to be saved in your browsing and download history. Cookies created in Incognito mode are deleted when all Incognito windows are closed.
There are also browser plug-ins for controlling cookies, such as Ghostery (https://www.ghostery.com). The option to control cookies may also be provided by additional software, in particular anti-virus packages, etc.
In addition, there are tools available on the Internet that allow you to control some types of cookies, in particular for collective management of behavioral advertising settings (e.g. www.youronlinechoices.com/, www.networkadvertising.org/choices).
I also give you the ability to control cookies directly from my website. I have implemented a special mechanism for managing cookies that allows you to block cookies that you do not want.
Remember that disabling or limiting the use of cookies may prevent you from using some of the functions available on my website and cause difficulties in using my website, as well as from many other websites that use cookies. For example, if you block cookies from social plug-ins, buttons, widgets and social functions implemented on my website may not be available to you.
15. For what purposes do I use my own cookies?
My own cookies are used to ensure the proper functioning of individual website mechanisms, such as maintaining a session after logging in to the account, remembering recently viewed products and products added to the basket. My own cookies also store information about the cookie settings defined by you, made from the level of the cookie management mechanism.
16. What third party cookies are used?
The following third party cookies are used on my website:
• Google Analytics
Details on individual third party cookies are described below.
Google Analytics – details
I use the Google Analytics tool provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. I carry out activities in this area based on my legitimate interest, consisting in creating statistics and their analysis in order to optimize my websites.
In order to use Google Analytics, I have implemented a special Google Analytics tracking code in the code of my website. The tracking code uses Google LLC cookies for the Google Analytics service. You can block the Google Analytics tracking code at any time by installing the browser add-on provided by Google: https://tools.google.com/dlpage/gaoptout.
Google Analytics automatically collects information about your use of my website. The information collected in this way is most often transferred to Google servers, which can be located all over the world and stored there.
Due to the IP anonymization activated by me, your IP address is shortened before forwarding. Only in exceptional cases is the full IP address transferred to Google servers and shortened there. The anonymized IP address provided by your browser as part of Google Analytics is, as a rule, not combined with other Google data.
I emphasize that as part of Google Analytics I do not collect any data that would allow your identification. Therefore, the data collected as part of Google Analytics is not personal data for me. The information I have access to as part of Google Analytics is, in particular:
• information about the operating system and the web browser you use,
• subpages that you browse on my website,
• time spent on my website and on its subpages,
• transitions between individual subpages,
• links that you click on my website,
• files downloaded on my website,
• the source from which you come to my site.
In addition, as part of Google Analytics, I use the following Advertising Functions:
• demographic and interest reports,
• remarketing,
• advertising reporting functions, user-ID.
As part of the Advertising Functions, I also do not collect personal data. The information I have access to is, in particular:
• the age range you are in,
• your gender,
• Your approximate location limited to the city,
• Your interests based on your online activity.
Google Analytics and Google Analytics 360 services have been certified by the independent security standard ISO 27001. ISO 27001 is one of the most recognized standards in the world and certifies compliance with the relevant requirements by the systems supporting Google Analytics and Google Analytics 360.
If you are interested in details related to Google’s use of data from websites and applications that use Google services, I encourage you to read this information: https://policies.google.com/technologies/partner-sites.
17. Do I track your behavior on my website?
Yes, I use Google Analytics which collects information about your activity on my website. This tool is described in detail in the third-party cookie question, so I will not repeat this information here as well.
18. Do I use targeted advertising?
No, I do not use targeted advertising.
19. How can you manage your privacy?
The answer to this question can be found in many places in this privacy policy when describing individual tools, behavioral advertising, consent to cookies, etc. However, for your convenience, I have collected this information once again in one place. Below you will find a list of options for managing your privacy:
• cookie settings in the web browser,
• browser plugins supporting the management of cookies, e.g. Ghostery,
• additional cookie management software,
• incognito mode in a web browser,
• behavioral advertising settings, e.g. youronlinechoices.com,
• cookie management mechanism from the level of my website,
• Google Analytics Opt-out: https://tools.google.com/dlpage/gaoptout,
• Facebook Ads Settings: https://www.facebook.com/ads/settings,
Using the website involves sending queries to the server on which the website is stored. Each query directed to the server is saved in the server logs.
Logs include Your IP address, server date and time, information about the web browser and operating system you use. Logs are saved and stored on the server.
The data stored in the server logs are not associated with specific people using the website and are not used by me to identify you.
The server logs are only auxiliary material used to administer the website, and their content is not disclosed to anyone except those authorized to administer the server.
20. What are server logs?
Using the website involves sending queries to the server on which the website is stored. Each query directed to the server is saved in the server logs. Logs include Your IP address, server date and time, information about the web browser and operating system you use. Logs are saved and stored on the server. The data stored in the server logs are not associated with specific people using the website and are not used by me to identify you. The server logs are only auxiliary material used to administer the website, and their content is not disclosed to anyone except those authorized to administer the server.
21. Is there anything else you should know?
As you can see, the subject of personal data processing, the use of cookies and general privacy management is quite complicated. I have made every effort to ensure that this document provides you with as much knowledge as possible on issues important to you. If anything is unclear to you, you want to know more or just talk about your privacy, please write to me at contact@magdalenaolechny.com.