PRIVACY POLICY
- Table of Contents
1. General Provisions
2. Legal Basis for Data Processing
3. Purpose, Basis, Period and Scope of Data Processing
4. Data Recipients
5. Rights of the Data Subject
6. Cookies, Operational Data and Analytics
7. Final Provisions
1. GENERAL PROVISIONS
1.1. This Privacy Policy is for information purposes. The Privacy Policy contains primarily the rules concerning the processing of personal data by the Controller, including the legal bases, purposes and scope of personal data processing and the rights of data subjects, as well as information regarding the use of cookies and analytical tools.
1.2. The Controller of personal data is Dorota Salus Usługi Reklamowo-Tłumaczeniowe, ul. Al. Kościuszki 128/81, 90-451 Łódź , NIP 6571779617– hereinafter referred to in this document as the “Controller”.
1.3. Personal data are processed by the Controller in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR” or “GDPR Regulation”.
1.4. The use of the Controller’s services is voluntary. Similarly, providing personal data is voluntary, subject to two exceptions:
(1) entering into agreements with the Controller – failure to provide, in the cases and scope indicated in the order form and this privacy policy, the personal data necessary for concluding and performing the Service Agreement with the Controller will result in the inability to conclude such an agreement. Providing personal data is therefore a contractual requirement and if the data subject wishes to enter into an agreement with the Controller, they are obliged to provide the required data.
(2) statutory obligations of the Controller – providing personal data is a statutory requirement resulting from generally applicable provisions of law that impose on the Controller the obligation to process personal data (e.g. processing data for the purpose of keeping tax or accounting records) and failure to provide them will prevent the Controller from fulfilling such obligations.
1.5. The Controller exercises special care to protect the interests of data subjects whose personal data are processed, and in particular is responsible for and ensures that the data collected by him are: (1) processed lawfully; (2) collected for specified, legitimate purposes and not further processed in a way incompatible with those purposes; (3) factually correct and adequate in relation to the purposes for which they are processed; (4) kept in a form that permits identification of data subjects for no longer than is necessary to achieve the purpose of processing; and (5) processed in a way that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical or organizational measures.
1.6. Taking into account the nature, scope, context and purposes of processing as well as the risk of violation of the rights or freedoms of natural persons of varying likelihood and severity, the Controller implements appropriate technical and organizational measures so that processing is carried out in accordance with this Regulation and in order to be able to demonstrate it. These measures are reviewed and updated when necessary. The Controller uses technical measures to prevent unauthorized persons from obtaining and modifying personal data transmitted electronically.
2. LEGAL BASIS FOR DATA PROCESSING
2.1. The Controller processes data of a person if:
(1) the data subject has given consent to the processing of their personal data for one or more specific purposes;
(2) processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract;
(3) processing is necessary for compliance with a legal obligation to which the Controller is subject; or
(4) processing is necessary for the purposes of legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular when the data subject is a child.
3. PURPOSE, BASIS, PERIOD AND SCOPE OF DATA PROCESSING
3.1. Each time, the purpose, basis, period and scope as well as the recipients of personal data processed by the Controller result from the actions undertaken by a given Client.
3.2. The Controller may process personal data for the following purposes, on the following bases, for the periods and within the following scope:
| Purpose of processing | Legal basis of processing and storage period | Types of processed data |
| Performance of the concluded agreement | Art. 6(1)(b) GDPR (performance of a contract). Data are processed for the period necessary to demonstrate performance, execution, termination of the agreement and defense against possible claims related thereto. | First name, last name, email address, phone number. |
| Creating an account in the Service | Art. 6(1)(b) GDPR (performance of a contract). Data are processed for the period of having an account in the Service, and after its deletion for the period necessary for defense against possible claims related to having an account in the Service. | First name, last name, email address, phone number. |
| Receiving a newsletter | Art. 6(1)(a) GDPR (consent). Data are processed for the entire period during which consent to receive the newsletter is given. | Email address. |
| Establishment, exercise or defense of claims | Art. 6(1)(f) GDPR (legitimate interest of the Controller). Data are processed for the period during which the data subject may assert claims, thus they are deleted after the limitation period has expired. | First name, last name, email address, phone number, NIP, PESEL. |
| Conducting tax settlements | Art. 6(1)(c) GDPR (compliance with a legal obligation). Data are processed for the period necessary to conduct tax settlements. | First name, last name, email address, phone number, NIP, PESEL. |
4. DATA RECIPIENTS
4.1. For the proper functioning of the Service, including for the execution of concluded Agreements, it is necessary for the Controller to use the services of external entities (such as e.g. software providers, couriers, or payment processors). The Controller uses only the services of such processors who provide sufficient guarantees for the implementation of appropriate technical and organizational measures so that processing meets the requirements of the GDPR Regulation and protects the rights of data subjects.
4.2. The transfer of data by the Controller does not occur in every case and not to all recipients or categories of recipients indicated in the privacy policy – the Controller transfers data only when it is necessary to achieve the given purpose of personal data processing and only to the extent necessary to achieve it.
4.3. Personal data in connection with the performance of the contract are transferred to:
a) entities handling electronic or card payments – in the case of a Client who uses electronic payment or card payment in the Service, the Controller provides collected personal data of the Client to the selected entity handling the above payments on behalf of the Controller to the extent necessary to handle the payment made by the Client;
b) service providers supplying the Controller with technical, IT and organizational solutions, enabling the Controller to conduct business activity (in particular providers of computer software, email and hosting providers, as well as providers of company management software and technical support for the Controller) – the Controller provides collected personal data of the Client to the selected provider acting on its behalf only in the case and to the extent necessary to achieve the given purpose of data processing in accordance with this privacy policy;
c) accounting, legal and advisory service providers providing the Controller with accounting, legal or advisory support (in particular an accounting office, law firm or debt collection company) – the Controller provides collected personal data of the Client to the selected provider acting on its behalf only in the case and to the extent necessary to achieve the given purpose of data processing in accordance with this privacy policy.
5. PROFILING
5.1. Information may be processed in an automated manner (including in the form of profiling), however this will not produce any legal effects concerning a natural person or otherwise significantly affect their rights and obligations.
5.2. In the case of profiling:
a) sensitive data are not processed,
b) data are protected through pseudonymization,
c) if data are not protected through pseudonymization, only email address, IP or cookies are used.
5.3. The purpose of profiling is:
a) analysis of personal preferences and interests of persons using the Services or products or Services and adjusting the content available in the Services or products,
b) marketing, i.e. in particular adjusting the presented offer to the recipient’s preferences.
6. RIGHTS OF THE DATA SUBJECT
6.1. Right of access, rectification, restriction, erasure or portability – the data subject has the right to request from the Controller access to their personal data, their rectification, erasure (“right to be forgotten”) or restriction of processing, and has the right to object to processing, as well as the right to data portability. The detailed conditions for exercising the above rights are indicated in Articles 15–21 of the GDPR Regulation.
6.2. Right to withdraw consent at any time – if personal data are processed by the Controller on the basis of consent (under Art. 6(1)(a) or Art. 9(2)(a) GDPR Regulation), the data subject has the right to withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
6.3. Right to lodge a complaint with the supervisory authority – i.e. the President of the Office for Personal Data Protection, ul. Stawki 2, 00–193 Warsaw.
6.4. Right to object – the data subject has the right to object at any time – on grounds relating to their particular situation – to processing of their personal data based on Art. 6(1)(e) (public interest tasks) or (f) (legitimate interests of the Controller), including profiling based on these provisions. The Controller is then no longer allowed to process such personal data, unless the Controller demonstrates compelling legitimate grounds for processing overriding the interests, rights and freedoms of the data subject, or grounds for establishing, exercising or defending claims.
6.5. To exercise the rights referred to in this point of the privacy policy, you may contact the Controller by sending a written message or by email to the address of the Controller indicated at the beginning of the privacy policy or by using the contact form available in the Service.
7. COOKIES
7.1. Cookies are small text information in the form of text files, sent by the server and stored on the side of the person visiting the Service’s website (e.g. on the hard drive of a computer, laptop, or on the memory card of a smartphone – depending on the device used by the visitor of the Service). Detailed information on cookies, as well as their history, can be found, among others.
7.2. The Controller may process data contained in cookies when visitors use the Service’s website for the following purposes:
7.2.1. identifying Service Users as logged into the Service and showing that they are logged in;
7.2.2. remembering selected Services in order to place an Order;
7.2.3. remembering data from completed Order Forms or login data to the Service;
7.2.4. customizing the content of the Service’s website to the individual preferences of the Service User (e.g. regarding colors, font size, page layout) and optimizing the use of the Service’s pages;
7.2.5. conducting anonymous statistics presenting the manner of using the Service’s website.
7.3. By default, most web browsers available on the market accept the saving of cookies. Everyone has the possibility to define the conditions of using cookies through the settings of their web browser. This means that you can, for example, partially limit (e.g. temporarily) or completely disable the ability to save cookies – in the latter case, however, this may affect some functionalities of the Service.
7.4. The settings of the web browser regarding cookies are important in terms of consent to the use of cookies by the Service – in accordance with the regulations such consent may also be expressed through the settings of the web browser. If such consent is not given, the browser settings regarding cookies should be changed accordingly.
7.5. Detailed information on changing cookie settings and their independent deletion in the most popular web browsers is available in the help section of the web browser and on the following pages (just click on the link):
-
in Chrome browser
-
in Firefox browser
-
in Internet Explorer browser
-
in Opera browser
-
in Safari browser
-
in Microsoft Edge browser
8. DATA TRANSFER
Personal data may be transferred outside the European Economic Area, however in such a case it always takes place to countries that provide at least the same level of protection of personal data as applies within the territory of the European Union.
9. FINAL PROVISIONS
8.1. The Service may contain links to other websites. The Controller encourages that after moving to other websites, you should read the privacy policy established there. This privacy policy applies only to the Controller’s Service.
8.2. The Privacy Policy is regularly verified and updated when necessary.
8.3. The current version of the Privacy Policy was adopted and is effective from 30.09.2025.