Service – the website “garbarnialeja.pl” operating at https://garbarnialeja.pl/
External Service – external websites of partners, service providers, or service recipients cooperating with the Administrator
Service Administrator / Data – The Service Administrator and Data Administrator (hereinafter referred to as the Administrator) is the company “Zakład garbarski Jakub Leja,” conducting its business at ul. Waksmundzka 193, 34-400 Nowy Targ, providing electronic services through the Service
User – a natural person for whom the Administrator provides electronic services through the Service
Device – an electronic device along with software through which the User accesses the Service
Cookies – text data collected in the form of files placed on the User’s Device
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
Personal data – means information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person
Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction
Restriction of processing – means the marking of stored personal data with the aim of limiting their processing in the future
Profiling – means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements
Consent – the data subject’s voluntary, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her
Personal data breach – a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed
Pseudonymization – the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person
Anonymization – Anonymization of data is an irreversible process of operations on data that destroys/overwrites “personal data” making identification or linkage of a given record to a specific user or individual impossible.
§2 Data Protection Officer
Based on Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer.
For matters relating to data processing, including personal data, please contact the Administrator directly.
§3 Types of Cookies
Internal Cookies – files placed and read from the User’s Device by the Service’s teleinformation system
External Cookies – files placed and read from the User’s Device by teleinformation systems of external services. Scripts of external services that may place Cookies on the User’s Device have been knowingly placed on the Service through scripts and services provided and installed in the Service
Session Cookies – files placed and read from the User’s Device by the Service during one session of that Device. After the session ends, the files are deleted from the User’s Device.
Persistent Cookies – files placed and read from the User’s Device by the Service until they are manually deleted. The files are not automatically deleted after the end of the Device session unless the User’s Device configuration is set to delete Cookie files after the end of the Device session.
§4 Data Storage Security
Storage and retrieval mechanisms for Cookie files – The storage, retrieval, and exchange of data between Cookie files stored on the User’s Device and the Service are carried out through built-in mechanisms in web browsers. These mechanisms do not allow for the retrieval of other data from the User’s Device or data from other websites visited by the User, including personal data or confidential information. It is also practically impossible to transfer viruses, trojans, or other worms to the User’s Device.
Internal Cookies – The Cookies used by the Administrator are safe for Users’ Devices and do not contain scripts, content, or information that could pose a threat to the security of personal data or the Device used by the User.
Users can independently change the settings for storing, deleting, and accessing data stored in Cookies by each website at any time.
Information on how to disable Cookies in the most popular web browsers is available on the website: how to disable cookies or from one of the indicated providers:
Managing cookies in the Chrome browser Managing cookies in the Opera browser Managing cookies in the Firefox browser Managing cookies in the Edge browser Managing cookies in the Safari browser Managing cookies in Internet Explorer 11
Users can delete all previously stored Cookies using the tools of the User’s Device through which the User accesses the Service.
User-side Threats – The Administrator employs all possible technical measures to ensure the security of data placed in Cookies. However, it should be noted that the security of this data depends on both parties, including the User’s activities. The Administrator is not responsible for the interception of such data, impersonation of the User’s session, or their deletion due to the User’s intentional or unintentional activities, viruses, trojans, and other spyware with which the User’s Device may be or may have been infected. Users should follow the recommendations for safe internet use to protect themselves from these threats.
Personal Data Storage – The Administrator makes every effort to ensure that voluntarily provided personal data by Users are secure, with limited access, and processed in accordance with their intended purpose and processing objectives. The Administrator also makes every effort to secure the data held against loss through the use of appropriate physical and organizational safeguards.
§5 Purposes of Cookie Usage
Improving and facilitating access to the Service Personalization of the Service for Users Ad serving services Statistics (users, number of visits, types of devices, connection, etc.)
§6 Purposes of Personal Data Processing
Personal data voluntarily provided by Users are processed for one of the following purposes:
Providing electronic services: Communication between the Administrator and Users regarding the Service and data protection Ensuring the legitimate interest of the Administrator
Anonymously and automatically collected User data are processed for one of the following purposes:
Conducting statistics Serving ads tailored to Users’ preferences Ensuring the legitimate interest of the Administrator
§7 Cookies from External Services
Ad serving services and affiliate networks: Google Adsense Statistics: Google Analytics WordPress Stats (Automattic Inc.) Facebook Analytics for Apps Other services: Google Maps
Services provided by third parties are beyond the control of the Administrator. These entities may change their terms of service, privacy policies, data processing objectives, and ways of using Cookies at any time.
§8 Types of Collected Data
The Service collects data about Users. Some data is collected automatically and anonymously, while other data is personal data voluntarily provided by Users when registering for specific services offered by the Service.
Automatically collected anonymous data:
IP address Browser type Screen resolution Approximate location Visited subpages of the website Time spent on a specific subpage of the website Operating system type Previous page address Referring page address Browser language Internet connection speed Internet service provider
Data collected during registration:
First name / last name / nickname Email address IP address (collected automatically)
Data collected when subscribing to the Newsletter service:
First name / last name / nickname Email address IP address (collected automatically)
Data collected when adding a comment:
First name and last name / nickname Email address Website address IP address (collected automatically)
Some data (without identifying information) may be stored in Cookies. Some data (without identifying information) may be transferred to a statistical service provider.
§9 Access to Personal Data by Third Parties
As a rule, the only recipient of personal data provided by Users is the Administrator. The data collected as part of the provided services are not transferred or sold to third parties.
Entities responsible for maintaining the infrastructure and services necessary for running the website, such as hosting companies, may have access to data (usually based on a data processing agreement).
Data Processing Outsourcing – Hosting Services, VPS, or Dedicated Servers
The Administrator uses the services of an external hosting, VPS, or Dedicated Servers provider to run the Service – <a href=”https://www.lh.pl/regulaminy/5,polityka-prywatnosci”>https://www.lh.pl/</a>. All data collected and processed on the website are stored and processed in the infrastructure of the service provider located in Poland. There is a possibility of access to the data as a result of service work carried out by the service provider’s staff. Access to this data is governed by the agreement between the Administrator and the Service Provider.
§10 Personal Data Processing Methods
Personal data voluntarily provided by Users:
Personal data will not be transferred outside the European Union unless they have been published as a result of individual User action (e.g., commenting or posting), making the data available to anyone visiting the website. Personal data will not be used for automated decision-making (profiling). Personal data will not be sold to third parties.
Anonymously collected data (without personal data) collected automatically:
Anonymous statistical data, not constituting personal data, are stored by the Administrator for an indefinite period for statistical purposes.
§11 Legal Basis for Personal Data Processing
The service collects and processes user data on the basis of:
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) Article 6(1)(a) the data subject has given consent to the processing of their personal data for one or more specific purposes Article 6(1)(b) processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract Article 6(1)(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party
Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws of 2018, item 1000) Act of 16 July 2004 Telecommunications Law (Journal of Laws of 2004, No. 171, item 1800) Act of 4 February 1994 on Copyright and Related Rights (Journal of Laws of 1994, No. 24, item 83)
§12 Period of Personal Data Processing
Personal data voluntarily provided by users:
As a rule, the indicated personal data is stored solely for the period of service provision within the scope of the Service by the Administrator. They are deleted or anonymized within 30 days from the end of service provision (e.g., deletion of a registered user account, unsubscribing from the newsletter, etc.)
An exception is a situation that requires securing legally justified purposes of further processing of such data by the Administrator. In such a situation, the Administrator will keep the indicated data for a period not exceeding 3 years from the time of the User’s request for their deletion in the event of a violation or suspicion of a violation of the provisions of the service regulations by the User.
Automatically collected anonymous data (without personal data):
Anonymous statistical data that does not constitute personal data is stored by the Administrator for an indefinite period for the purpose of conducting service statistics.
§13 User Rights related to the Processing of Personal Data
The service collects and processes user data on the basis of:
Right of access to personal data Users have the right to obtain access to their personal data, which is carried out upon request submitted to the Administrator.
Right to rectification of personal data Users have the right to request immediate rectification of inaccurate or incomplete personal data by the Administrator, which is carried out upon request submitted to the Administrator.
Right to erasure of personal data Users have the right to request immediate erasure of personal data, which is carried out upon request submitted to the Administrator. In the case of user accounts, data deletion involves anonymizing the data that allows user identification. The Administrator reserves the right to suspend the fulfillment of a request for data erasure in order to protect the legally justified interests of the Administrator (e.g., in cases where the User has violated the Regulations or when the data has been obtained as a result of correspondence).
In the case of the newsletter service, the User has the possibility to independently delete their personal data by using the link provided in each email message.
Right to restriction of personal data processing Users have the right to restrict the processing of personal data in cases indicated in Article 18 of the General Data Protection Regulation (GDPR), including questioning the accuracy of personal data, which is carried out upon request submitted to the Administrator.
Right to data portability Users have the right to receive from the Administrator their personal data in a structured, commonly used, machine-readable format, which is carried out upon request submitted to the Administrator.
Right to object to the processing of personal data Users have the right to object to the processing of their personal data in cases specified in Article 21 of the GDPR, which is carried out upon request submitted to the Administrator.
Right to lodge a complaint Users have the right to lodge a complaint with the supervisory authority responsible for personal data protection.
§14 Contact with the Administrator
The Administrator can be contacted in one of the following ways:
Postal address: Zakład garbarski Jakub Leja, ul. Waksmundzka 193, 34-400 Nowy Targ
Email address: email@example.com
Phone: +48 500 131 880
Contact form: available at https://garbarnialeja.pl/kontakt/
§15 Service Requirements
Limiting the storage and access to Cookie files on the User’s device may result in improper functioning of certain features of the Service.
The Administrator shall not be liable for the improper functioning of Service features if the User restricts in any way the ability to store and read Cookie files.
§16 External Links
In the Service – articles, posts, entries, or comments by Users may contain links to external websites with which the Service Owner does not cooperate. These links and the pages or files referred to may be dangerous to your Device or pose a threat to the security of your data. The Administrator is not responsible for the content located outside the Service.
The introduced changes come into effect upon their publication.