Privacy policy
  1. Definitions
    1. The administrator of personal data is MINDPEAK MACIEJ MUCHA with its registered office in Warsaw (03-973), ul. Brukselska 44/36 VAT-UE: 693-192-37-73, REGON: 368134801
    2. Personal data - all information about a physical person identified or identifiable by one or more specific factors determining a physical, physiological, genetic, psychological, economic, cultural or social identity, including image, voice recording, contact details, location data, information contained in correspondence, information collected via recording equipment or other similar technology.
    3. Policy - this Policy of processing and protection of personal data.
    4. GDPR - Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC.
  2. Data processing by the administrator
    1. In connection with the conducted business, the Administrator collects and processes personal data in accordance with the relevant regulations, in particular with the GDPR and the data processing rules provided for in them.
    2. The administrator ensures the transparency of data processing, in particular, always informs about the processing of data at the time of collection, including about the purpose and legal basis of the processing - for example when concluding a sales contract goods or services. The administrator makes sure that the data is collected only to the extent necessary for the purpose indicated and processed only for as long as it is necessary.
    3. By processing data, the Administrator ensures their security and confidentiality as well as access to information on processing to data subjects. If, despite the security measures applied, there has been a breach of the protection of personal data (eg "leak" or loss of data), the Administrator will inform the data subjects of such an event in a manner consistent with the provisions.
    4. Customers' personal data and their e-mail addresses are not made available to third parties, except for: intermediaries in payment transactions for which these data are necessary for the payment; suppliers for whom this data is necessary to deliver the parcel and the accounting office.
  3. Legal basis for data processing
    1. Personal data of all persons using the Administrator's website, including IP addresses or other identifiers and information collected via cookies or other similar technologies, are processed:
      1. in order to provide services electronically in terms of making available to users content collected on the site - then the legal basis for processing is the necessity of processing to perform the contract (Article 6 (1) (b) of the GDPR);
      2. For analytical and statistical purposes - then the legal basis of the processing is the legitimate interest of the Administrator (Article 6 (1) letter f) to conduct user activity analyzes as well as their preferences to improve the functionalities and services provided;
      3. In order to possibly establish and enforce claims or defend against them - the legal basis of the processing is the legitimate interest of the Administrator (Article 6 (1) letter f) of the GDPR consisting in the protection of its rights;
      4. for marketing purposes of the Administrator and other entities - the principles of personal data processing for marketing purposes are described in the "Marketing" section below.
      5. The user's activity on the Administrator's website, including his personal data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and activities regarding the IT system used to provide services by the Administrator). Information collected in logs is processed primarily for purposes related to the provision of services. The administrator also processes them for technical and administrative purposes, to ensure the security of the IT system and management of this system, as well as for analytical and statistical purposes - in this respect, the legal basis of processing is the legitimate interest of the Administrator (Article 6 paragraph 1 point f) GDPR).
      6. Session, which the user's web browser establishes with the Administrator's servers from the moment of logging in to logging out of the website, is protected by the SSL protocol. This means that all data, including personal data, are sent using cryptographic security (encryption).
  4. Marketing
    1. The administrator processes personal data of users in order to carry out marketing activities, which may consist in:
      1. displaying marketing content to the user that is not adapted to his preferences (contextual advertising);
      2. displaying to the user marketing content corresponding to their interests (behavioral advertising);
      3. conducting other types of activities related to direct marketing of goods and services (sending commercial information by electronic means and telemarketing activities).
      4. In order to implement marketing activities, the Administrator may use profiling in some cases. This means that due to the automatic processing of data, the Administrator evaluates selected factors concerning natural persons in order to analyze their behavior or create a forecast for the future. The legal basis for data processing in this case is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR).
  5. Permissions related to the processing of data, data subjects
    1. The data subjects have the following rights:
      1. the right to information about the processing of personal data - on this basis, the person submitting the request, the administrator provides information about the processing of data, in particular about the purposes and legal grounds for processing, the scope of data held, entities to which they are disclosed and the planned date of deletion;
      2. the right to obtain a copy of data - on this basis, the Administrator provides a copy of the data processed concerning the person making the request;
      3. the right to rectify - the Administrator is obliged to remove any incompatibilities or errors of personal data being processed and to supplement them if incomplete;
      4. the right to delete data - on this basis you can request deletion of data, the processing of which is no longer necessary to carry out any of the purposes for which they were collected;
      5. the right to limit processing - in the event of such a request, the Administrator ceases to perform operations on personal data - except for operations agreed by the data subject and their retention, in accordance with accepted retention rules or until the reasons for limiting data processing have ceased to exist ( for example, a decision of the supervisory authority will be issued allowing further processing of data);
      6. the right to data transfer - on this basis - to the extent that the data is processed in relation to the concluded agreement or expressed consent - the Administrator issues data provided by the person they concern in a format that allows their reading by the computer. It is also possible to request the transmission of this data to another entity - provided, however, that there are technical possibilities in this regard on the part of the Administrator as well as the other entity;
      7. the right to object to the processing of data for marketing purposes - the data subject may at any time object to the processing of personal data for marketing purposes, without the need to justify such objection;
      8. the right to object to other purposes of data processing - the data subject may at any time object to the processing of personal data which takes place on the basis of the Administrator's justified interest (eg for analytical or statistical purposes or for reasons related to property protection); objection in this respect should contain justification;
      9. the right to withdraw consent - if the data are processed on the basis of the consent given, the data subject has the right to withdraw it at any time, but this does not affect the lawfulness of the processing carried out prior to the withdrawal of the consent.
      10. the right to complaint - if it is decided that the processing of personal data violates the provisions of the GDPR or other provisions on the protection of personal data, the data subject may file a complaint to the President of the Office of Personal Data Protection.
  6. Policy regarding "cookie" files
    1. The site uses a mechanism called cookies (text files saved and stored on the user's computer disk.
    2. The website does not automatically collect any information, except for information contained in cookie files.
    3. The User may object to the placement of cookies on his computer and may at any time disable the option of accepting cookies in his web browser, which shall not cause any difficulties in using the Website.
    4. The website is not responsible for the use of cookies on websites other than Website pages available to users via links placed on the Website.
    5. The Website uses the following types of cookies:
      • "Necessary" cookies, enabling the use of services available on the Website, e.g. authentication cookies used for services that require authentication on the Website;
      • cookies used to ensure security, e.g. used to detect fraud in the field of authentication on the Website;
      • "Performance" cookies, enabling the collection of information on the use of Website pages;
      • "Functional" cookies, allowing "remembering" the settings selected by the User and personalizing the User's interface, eg in terms of the language or region of the User's origin, size of the font, appearance of the website, etc .;
      • "Advertising" cookies, enabling users to provide advertising content more tailored to their interests.
  7. Updates to the privacy policy
    1. In the event of a change in the current privacy policy, appropriate modifications to the above principles will be made available on the Website.
  8. Contact with the Administrator
    1. The Administrator can be contacted via e-mail info@mindpeak.pl.
    2. Questions and doubts regarding the privacy policy of Website users can submit via e-mail: info@mindpeak.pl.