WHO IS THE CONTROLLER OF THE USER'S PERSONAL DATA?
The administrator of the User's personal data is Cleansery Sp. z o. o. with its registered office in 30-554 Kraków, ul. Closed 10/1.5, entered into the Register of Entrepreneurs of the National Court Register under the KRS number: 0000988474 NIP 6793246399, REGON 522889239, share capital in the amount of PLN 10,000, in accordance with the information corresponding to the current excerpt from the Register of Entrepreneurs contained in the Central Information of the National Court Register, representative owed by Andrzej Suwara – President of the Management Board.
The Administrator co-administers with social media platform providers, e.g. Facebook, TikTok, etc. indicated in this document, regarding the data of people using social media and following the Administrator's profile on a given social media platform and interacting with the Administrator. The rules of co-administration are indicated below for each social media platform on which the Administrator has a profile.
IS PROVIDING DATA VOLUNTARY? WHAT IS THE CONSEQUENCE OF NOT PROVIDING THEM?
Providing data is voluntary, however, failure to provide certain information, generally marked as mandatory on the Administrator's website, will result in the inability to provide a given service and achieve a specific goal or take specific actions.The User's provision of data that is not mandatory or excess data that the Administrator does not need to process is based on the User's own decision and then processing is based on the premise set out in Art. 6 section 1 letter a GDPR (consent). The User consents to the processing of this data and to anonymize data that the Administrator does not require and does not want to process, but the User nevertheless provided it to the Administrator.
FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS DO WE PROCESS THE USER'S PERSONAL DATA PROVIDED WHILE USING THE WEBSITE?The User's personal data on the Administrator's Website may be processed for the following purposes and on the following legal bases: Entire table wit legal bases is linked
here, starting page 5.
The User's provision of data that is not mandatory or excess data that the Administrator does not need to process is based on the User's own decision and then processing is based on the premise set out in Art. 6 section 1 letter a GDPR (consent). The User consents to the processing of this data and to anonymize data that the Administrator does not require and does not want to process, but the User nevertheless provided it to the Administrator.
HOW IS DATA COLLECTED?
Only data that the user provides is collected and processed (except - in certain situations - data collected automatically using cookies).
During a visit to the website, data regarding the visit itself is automatically collected, e.g. the user's IP address, domain name, browser type, operating system type, etc. (login data). Data collected automatically may be used to analyze user behavior on the website, collect demographic data about users or to personalize the website content in order to improve it. However, this data is processed only for the purposes of administering the website, ensuring efficient hosting service, or directing marketing content and is not associated with the data of individual users. You can read more about cookies later in this policy.
Data may also be collected for the purpose of completing forms available on the Website, as described further in the privacy policy.
Information society services
The administrator does not collect children's data. The user must be at least 16 years old to consent to the processing of personal data for the purpose of providing information society services, including: for marketing purposes, or obtain the consent of a legal guardian (e.g. parent) for this purpose.If the User is under 16 years of age, he or she should not use the Website and the website www.cleansery.com.The Administrator is entitled to make reasonable efforts to verify whether the User meets the age requirement referred to above, or whether the person exercising parental authority or care over the User who is under 16 years of age has consented or approved it.
WHAT ARE YOUR USER RIGHTS?
The user has the rights specified in Art. at any time. 15-21 GDPR, i.e.:
- the right to access the content of his data,
- the right to transfer data,
- the right to correct data,the right to rectify data,
- the right to delete data if there are no grounds for processing it,
- the right to limit processing if it was carried out incorrectly or without a legal basis,
- the right to object to data processing based on the legitimate interest of the administrator,
- the right to lodge a complaint with the supervisory authority - the President of the Office for Personal Data Protection (pursuant to the principles set out in the Personal Data Protection Act), if he considers that the processing of his data is inconsistent with the currently applicable data protection provisions.
- the right to be forgotten if further processing is not provided for by currently applicable law.
The Administrator points out that these rights are not absolute and do not apply to all processing activities of the User's personal data. This applies, for example, to the right to obtain a copy of your data. This right may not adversely affect the rights and freedoms of other persons, such as copyrights or professional secrecy. To learn about the limitations regarding User rights, please refer to the GDPR.
However, the user always has the right to lodge a complaint with the supervisory authority.
In order to exercise their rights, the User may contact the Administrator via e-mail:
info@cleansery.com or by letter to the address of the Administrator's place of business, if provided in this privacy policy, indicating the scope of your requests. The response will be provided no later than 30 days from the date of receipt of the request and its justification, unless it is justified to extend this deadline in accordance with the GDPR.
CAN A USER WITHDRAW HIS EXPRESS CONSENT?
If the User has consented to a specific action, such consent may be withdrawn at any time, which will result in the removal of the e-mail address from the Administrator's mailing list and the cessation of the indicated activities (in the case of registration based on consent). Withdrawal of consent does not affect the processing of data that was carried out on the basis of consent before its withdrawal.
In some cases, the data may not be completely deleted and will be retained in order to defend against possible claims for a period of time in accordance with the provisions of the Civil Code or, for example, in order to fulfill legal obligations imposed on the Administrator.
Each time, the Administrator will respond to the User's request, adequately justifying further actions resulting from legal obligations.
DO WE TRANSFER YOUR DATA TO THIRD COUNTRIES?
User data may be transferred outside the European Union - to third countries.
Due to the fact that the Administrator uses external suppliers of various services, e.g. Meta Platforms Ireland Limited (Facebook and subsidiaries) hereinafter referred to as Meta or Facebook, Google, Microsoft, Airtable, Notion, Basecamp, etc., the User's data may be transferred to the United States America (USA) in connection with their storage on American servers (in whole or in part) as well as in other countries . Google and Facebook apply compliance mechanisms provided for by the GDPR (e.g. certificates) or standard contractual clauses for their services. They will be transferred only to recipients who guarantee the highest data protection and security, including: by:
a). cooperation with entities processing personal data in countries for which an appropriate decision of the European Commission has been issued,
b). application of standard contractual clauses issued by the European Commission (as is the case, for example, with Google),
c). application of binding corporate rules approved by the competent supervisory authority,
or those to which the User has consented to the transfer of personal data.
Detailed information is available in the privacy policy of each provider of these services, available on their websites. For example:
Google Ireland Limited:
https://policies.google.com/privacy?hl=pl
Meta Platforms Ireland Limited:
https://www.facebook.com/privacy/explanation
Getresponse : https://www.getresponse.pl/informacje-prawne/polityka-prywatnosci
Notion: https://www.notion.so/Privacy-Policy-3468d120cf614d4c9014c09f6adc9091
Airtable: https://www.airtable.com/company/privacy
Basecamp: https://basecamp.com/about/policies/privacy
Currently, the services offered by Google Ireland Limited and Meta Platforms Ireland Limited are mainly provided by entities located in the European Union. However, you should always read the privacy policies of these providers to obtain up-to-date information on personal data protection. MailerLite may store some data in the United States or use service providers from that country, but the data is mainly processed in the European Union.
HOW LONG DO WE KEEP YOUR DATA?
The User's data will be stored by the Administrator for the duration of the implementation of individual services/achieving the goals indicated in the table above, and:
a). for the period of service and cooperation, as well as for the period of limitation of claims in accordance with legal provisions - in relation to data provided by contractors, customers or Users,
b). for the period of talks and negotiations preceding the conclusion of the contract or provision of the service - in relation to the data provided in the request for quotation,
c). for the period required by law, including tax law - in relation to personal data related to the fulfillment of obligations arising from applicable regulations,
d). until an objection is effectively filed pursuant to Art. 21 GDPR - in relation to personal data processed on the basis of the legitimate interest of the administrator, including for direct marketing purposes,
e). until consent is withdrawn or the purpose of processing or business purpose is achieved - in relation to personal data processed on the basis of consent. After withdrawing consent, the data may still be processed in order to defend against possible claims in accordance with the limitation period for these claims or the (shorter) period indicated to the User,
f). until it becomes obsolete or becomes unusable - in relation to personal data processed mainly for analytical and statistical purposes, the use of cookies and the administration of the Administrator's Websites,
g). for a maximum period of 3 years in the case of people who have unsubscribed from the newsletter in order to defend themselves against possible claims (e.g. information about the date of subscription and the date of unsubscribing from the newsletter, the number of newsletters received, actions taken and activity related to the received messages), or after a period of 3 years of inactivity by a given subscriber, e.g. not opening any message from the Administrator.
Data storage periods indicated in years are counted at the end of each year in which data processing began. This is intended to improve the data processing and management process.
Detailed personal data processing periods regarding individual processing activities are included in the Administrator's register of processing activities.
LINKS TO OTHER SITES
The Site may contain links to other websites. They will open in a new browser window or in the same window. The administrator is not responsible for the content transmitted by these websites. The user is obliged to read the privacy policy or regulations of these websites.
ACTIVITIES IN SOCIAL MEDIA – FACEBOOK
The Administrator administers the User's data on the fanpage called Cleansery on Facebook (hereinafter referred to as the Fanpage).
The User's personal data provided on the Fanpage will be processed for the purpose of administering and managing the Fanpage, communicating with the User, interacting, directing marketing content to the User and creating the Fanpage community.
The basis for their processing is the User's consent and the legitimate interest of the administrator consisting in interacting with Users and Followers of the Fanpage. The user voluntarily decides to like/follow the Fanpage.
The rules governing the Fanpage are set by the Administrator, however, the rules for staying on the Facebook social networking site result from Facebook's regulations.
The User may unfollow the Fanpage at any time. However, the Administrator will not then display to the User any content from the Administrator related to the Fanpage.
The Administrator sees the User's personal data, such as name, surname or general information, which the User places on their profiles as public. The processing of other personal data is carried out by the Facebook social networking site and under the terms and conditions contained in its regulations.
The User's personal data will be processed for the period of operation/existence of the Fanpage based on the consent expressed by liking/clicking "Follow" the Fanpage or interacting, e.g. leaving a comment, sending a message, and in order to implement the legally justified interests of the Administrator, i.e. marketing its own products or services or defense against claims.
The User's personal data may be made available to other data recipients, such as Facebook, cooperating advertising agencies or other subcontractors operating the Administrator's Fanpage, an IT service, a virtual assistant, if contact occurs outside Facebook.
The User's other rights are described in this Privacy Policy.
User data may be transferred to third countries in accordance with Facebook's regulations.
This data may also be profiled, which helps to better personalize the advertising offer addressed to the User. However, they will not be processed in an automated manner within the meaning of the GDPR (having a negative impact on the User's rights and freedoms).
Facebook privacy policy:
https://www.facebook.com/privacy/explanation .
ACTIVITIES IN SOCIAL MEDIA – INSTAGRAM
The Administrator administers the User's data on the profile page under the name @cleansery_ available at the URL: www.instagram.com/cleansery_ on Instagram (hereinafter referred to as Profile).
The User's personal data provided on the Profile will be processed for the purpose of administering and managing the Profile, communicating with the User, interacting, directing marketing content to the User and creating a Profile community.
The basis for their processing is the User's consent and the legitimate interest of the administrator consisting in interacting with Users and Profile Followers. The User voluntarily decides to like/follow the Profile.
The rules governing the Profile are set by the Administrator, however, the rules for staying on the Instagram social networking site result from the Instagram regulations.
The User may unfollow the Profile at any time. However, the Administrator will not then display to the User any content from the Administrator related to the Profile.
The Administrator sees the User's personal data, such as name, surname or general information, which the User places on their profiles as public. The processing of other personal data is carried out by the social networking site Instagram and under the conditions contained in its regulations.
The User's personal data will be processed for the period of maintaining/existence of the Profile based on the consent expressed by liking/clicking "Follow" the Profile or interacting, e.g. leaving a comment, sending a message, and in order to implement the legally justified interests of the Administrator, i.e. marketing its own products or services or defense against claims.
The User's personal data may be made available to other data recipients, such as cooperating advertising agencies or other subcontractors servicing the Administrator's Profile, an IT service, a virtual assistant, if contact occurs outside Instagram.
The User's other rights are described in this Privacy Policy.
User data may be transferred to third countries in accordance with Instagram's regulations.
This data may also be profiled, which helps to better personalize the advertising offer addressed to the User. However, they will not be processed in an automated manner within the meaning of the GDPR (having a negative impact on the User's rights and freedoms).
Instagram privacy policy:
https://help.instagram.com/519522125107875
ACTIVITIES IN SOCIAL MEDIA – LINKEDIN
The Administrator administers the User's data on the profile page under the name Cleansery available at the URL: https://www.linkedin.com/company/65461676/ on LinkedIn (hereinafter referred to as Profile).
The User's personal data provided on the Profile will be processed for the purpose of administering and managing the Profile, communicating with the User, interacting, directing marketing content to the User and creating a Profile community.
The basis for their processing is the User's consent and the legitimate interest of the administrator consisting in interacting with Users and Profile Followers. The User voluntarily decides to like/follow the Profile.
The rules governing the Profile are set by the Administrator, however, the rules for staying on the LinkedIn social networking site result from LinkedIn's regulations.The User may unfollow the Profile at any time. However, the Administrator will not then display to the User any content from the Administrator related to the Profile.
The Administrator sees the User's personal data, such as name, surname or general information, which the User places on their profiles as public. The processing of other personal data is carried out by the LinkedIn social networking site and under the terms and conditions contained in its regulations.
The User's personal data will be processed for the period of maintaining/existence of the Profile based on the consent expressed by liking/clicking "Follow" the Profile or interacting, e.g. leaving a comment, sending a message, and in order to implement the legally justified interests of the Administrator, i.e. marketing its own products or services or defense against claims.
The User's personal data may be made available to other data recipients, such as the LinkedIn portal, cooperating advertising agencies or other subcontractors servicing the Administrator's Profile, an IT service, a virtual assistant, if contact occurs outside the LinkedIn portal.
The User's other rights are described in this Privacy Policy.
User data may be transferred to third countries in accordance with LinkedIn's regulations.
This data may also be profiled, which helps to better personalize the advertising offer addressed to the User. However, they will not be processed in an automated manner within the meaning of the GDPR (having a negative impact on the User's rights and freedoms).
LinkedIn privacy policy:
https://pl.linkedin.com/legal/privacy-policyDATA SAFETY
The User's personal data is stored and protected with due care, in accordance with the Administrator's implemented internal procedures. The Administrator processes information about the User using appropriate technical and organizational measures that meet the requirements of generally applicable law, in particular the provisions on the protection of personal data. These measures are primarily intended to protect Users' personal data against access by unauthorized persons.
In particular, access to Users' personal data is available only to authorized persons who are obliged to keep this data secret or entities entrusted with the processing of personal data on the basis of a separate data entrustment agreement.
At the same time, the User should exercise due diligence in securing his/her personal data transmitted via the Internet, in particular not disclosing his/her login data to third parties, using anti-virus protection and updating the software.
WHO CAN THE RECIPIENTS OF PERSONAL DATA BE?
The Administrator informs that he uses the services of external entities. Entities entrusted with the processing of personal data (such as courier companies, companies intermediating in electronic payments, companies offering accounting services, companies enabling the sending of newsletters) guarantee the use of appropriate protection and security measures for personal data required by law, in particular by the GDPR.
The Administrator informs the User that he entrusts the processing of personal data, among others: the following entities:
Get response and SendGrid – to send the newsletter and use the mailing system
Google – to store personal data on the server,
Webflow – to create landing pages and collect leads,
ING Accounting – to issue accounting documents,
Notion – to manage the company,Google – to use Google services, including e-mail,
OVH – for the purpose of servicing the domain
Webflow – for IT support or IT management of the Website,
Other contractors or subcontractors engaged in technical and administrative support, or to provide legal assistance to the Administrator and its clients, e.g. accounting, IT, graphic, copywriting assistance, debt collection companies, lawyers, etc.
Personal data may also be made available to other recipients, including: offices, e.g. the tax office - in order to fulfill legal and tax obligations related to settlements and accounting.
Entities that process personal data , such as the Administrator, ensure compliance with European standards in the field of personal data protection, including standards set by legal acts and decisions of the European Commission, and apply compliance mechanisms also when transferring data outside the EEA, including: in the form of standard contractual clauses adopted by the European Commission, Decision 2021/915 of 4 June 2021 on standard contractual clauses between controllers and processors pursuant to Art. 28 section 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council and Art. 29 section 7 of Regulation (EU) 2018/1725 of the European Parliament and of the Council
https://eur-lex.europa.eu/legal-content/PL/TXT/PDF/?uri=CELEX:32021D0915&from=PL .
HAVE WE APPOINTED A DATA PROTECTION OFFICER?
The Personal Data Administrator hereby informs that he has not appointed a Personal Data Protection Inspector (IODO) and performs the duties related to the processing of personal data on his own.
The User acknowledges that his or her personal data may be transferred to authorized state authorities in connection with the proceedings conducted by them, at their request and after meeting the conditions confirming the necessity of obtaining this data from the Administrator.
DO WE PROFILE USER DATA?
The User's personal data will not be used for automated decision-making that affects the User's rights, obligations or freedoms within the meaning of the GDPR.
As part of the website and tracking technologies, the User's data may be profiled, which helps to better personalize the company's offer that the Administrator addresses to the User (mainly through the so-called behavioral advertising). However, this should not have any impact on the User's legal situation, in particular on the terms of the contracts concluded by him or the contracts he intends to conclude. It can only help to better match content and targeted advertisements to the User's interests. The information used is anonymous and is not associated with personal data provided by the User, e.g. in the purchase process. They result from statistical data, e.g. gender, age, interests, approximate location, behavior on the Website.
Each User has the right to object to profiling if it would have a negative impact on the User's rights and obligations.
If you want to learn more about behavioral advertising, click here:
https://www.youronlinechoices.com/pl/o-reklamie-behawioralna
