PRIVACY POLICY AND COOKIES POLICY OF THE KRZYSZTOFNYREK.EU WEBSITE
Using the website https:// krzysztofnyrek.eu/ means acceptance of the following terms of the Privacy Policy and Cookies Policy.
Please read its provisions as a user. In the content below, I explain how I care about Users’ data, how I process it, to whom I entrust it, and many other important issues related to personal data.
§1 GENERAL PROVISIONS
This Privacy Policy and Cookie Policy set out the rules for the processing and protection of personal data provided by Users, the cookie policy, and other technologies appearing on the website https:// krzysztofnyrek.eu/.
The administrator of the website and personal data provided as part of it is Krzysztof Nyrek. Residing at Ratownikow Gorniczych 12/9; 32-590 Libiąż.
I care about the security of personal data and the privacy of Website Users.
In case of any doubts regarding the provisions of this Privacy Policy and cookie policy, please get in touch with the Administrator via e-mail address rodo@krzysztofnyrek.eu
The Administrator reserves the right to change the privacy policy, and each website user is obliged to know the current policy. The reason for the changes may be the development of Internet technology, changes in generally applicable law, or the development of the Website through, for example, the use of new tools by the Administrator. At the bottom of the page is the current publication date for the Privacy Policy.
Administrator – Krzysztof Nyrek. Residing at Ratownikow Gorniczych 12/9 Street; 32-590 Libiaz.
User – any entity staying on the website and using it.
Website – a website located at https:// krzysztofnyrek.eu/.
Newsletter – means a free service provided electronically by the Administrator to the User by sending electronic letters (e-mails), through which the Administrator informs about events, services, products, and other elements essential from the administrator’s point of view and/or to achieve the administrator’s legitimate purpose, which is direct marketing. Detailed information on sending the newsletter can be found in this privacy policy.
GDPR – means Regulation EU 2016/679 of the European Parliament and of the Council of 27 April 2016 on protecting natural persons concerning the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
Personal Data Protection Act – the Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws of 2018, item 1000, as amended).
Act on the provision of electronic services – the Act of 18 July 2002 on the provision of electronic services (Journal of Laws No. 144, item 1204, as amended).
Telecommunications Law Act – the Telecommunications Law Act of 16 July 2004 (Journal of Laws of 2004, No. 171, item 1800, as amended).
§3 PERSONAL DATA AND RULES FOR THEIR PROCESSING
WHO IS THE CONTROLLER OF YOUR DATA?
Krzysztof Nyrek. Residing at Ratownikow Gorniczych 12/9 Street; 32-590 Libiąż.
IS PROVIDING DATA VOLUNTARY? WHAT IS THE CONSEQUENCE OF NOT GIVING THEM?
Providing data is voluntary. However, failure to provide certain information, as a rule, marked on the Administrator’s website as mandatory, will be associated with the inability to perform a given service and achieve a specific goal or take particular actions.
Providing the User data that is not mandatory or excess data that the Administrator does not need to process based on the User’s decision leads to a situation where the processing takes place based on the premise contained in Article 6(1)(a) of the GDPR (consent). The User grants consent to the processing of this data and to anonymize data that the Administrator does not require and does not want to process. Yet, the User has provided them to the Administrator.
FOR WHAT PURPOSES AND ON WHAT LEGAL GROUNDS DO WE PROCESS YOUR DATA PROVIDED AS PART OF THE USE OF THE WEBSITE?
The User’s data on the Administrator’s Website may be processed for the following purposes and on the following legal bases:
- to send the Newsletter – according to Article 6(1)(f) of the GDPR (legitimate interest of the administrator consisting in the processing of data for direct marketing purposes) and based on the Act on the provision of electronic services (consent);
- establishing, investigating, or defending against claims – according to Article 6(1)(f) of the GDPR (legitimate interest of the controller);
- creating registers related to the GDPR and other regulations – according to Article 6(1)(c) of the GDPR (legal obligation) and Article 6(1)(f) of the GDPR (legitimate interest of the controller);
- analytical, consisting, among others, in the analysis of data collected automatically when using the website, including cookies, e.g., Google Analytics cookies – according to Article 6(1)(f) of the GDPR (legitimate interest of the administrator);
- the use of cookies on the Website and its subpages – according to Article 6(1)(a) of the GDPR (consent);
- posting by the User an opinion about the services provided by the Administrator – according to Article 6(1)(a) of the GDPR (consent);
- managing the Website and the Administrator’s websites on other platforms – according to Article 6(1)(f) of the GDPR (legitimate interest of the Administrator);
- to adjust the content displayed on the Administrator’s websites to individual needs and continuous improvement of the quality of services offered – according to Article 6(1)(f) of the GDPR (legitimate interest of the administrator);
- to create users’ databases – according to Article 6(1)(f) of the GDPR (legitimate interest of the administrator);
- to operate the LinkedIn account under the name Krzysztof Nyrek and interact with users – according to Article 6(1)(f) of the GDPR (legitimate interest of the controller);
- to provide the possibility of commenting on posts -key the visitor leaves a comment, we collect the data visible in the comment form, as well as the IP address of the visitor and the signature of his browser as an aid in detecting spam. An anonymized string created from your email address (also known as a hash) can be sent to the Gravatar service to verify that it is being used. The Privacy Policy of the Gravatar service is available at: https://automattic.com/privacy/. Once a comment is approved, your profile picture is visible to the public in the context of your comment according to Article 6(1)(f) of the GDPR (legitimate interest of the controller);
Providing the User data that is not mandatory or excess data that the Administrator does not need to process takes place based on the User’s decision. Then, the processing takes place based on the premise contained in Article 6(1)(a) of the GDPR (consent). The User grants consent to the processing of this data and to anonymize data that the Administrator does not require and does not want to process. Yet, the User has provided them to the Administrator.
Only the data that the User provides is collected and processed (except for – in certain situations – data collected automatically using cookies and login data, as referred to below).
When you visit the website, data about the visit itself is automatically collected, e.g. the user’s an IP address, domain name, browser type, operating system type, etc. (login details). The data collected automatically can be used to analyze the behavior of Users on the website, collect demographic data about Users, or personalize the content of the website to improve it. However, these data are processed only to administer the website, ensuring efficient hosting service or directing marketing content, and are not associated with the data of individual Users. You can read more about cookies later in this policy.
The User has at any time the rights contained in Articles 15-21 of the GDPR, i.e.:
- The right to access the content of his data,
- The right to data portability,
- The right to correct data,
- The right to rectify data,
- The right to delete data if there are no grounds for their processing,
- The right to limit the processing if it occurred incorrectly or without a legal basis,
- The right to object to the processing of data based on the legitimate interest of the administrator,
- The right to complain to the supervisory body – the President of the Office for Personal Data Protection (on the terms set out in the Personal Data Protection Act), if it considers that the processing of its data is inconsistent with the currently applicable data protection law.
- The right to be forgotten if further processing is not provided for by the current law.
The Administrator points out that these rights are not absolute and are not entitled to all activities of processing the User’s data. This applies, for example, to the right to obtain a copy of the data. This right must not adversely affect the rights and freedoms of others, such as copyright. To learn about the restrictions on the User’s rights, I refer to the content of the GDPR.
However, the User always has the right to complain to the supervisory authority.
To exercise their rights, the User may contact the Administrator via e-mail address rodo@krzysztofnyrek.eu or by post to the address Krzysztof Nyrek, Ratowników Górniczych 12/9 32-590 Libiąż. The answer will be given no later than 30 days from receipt of the request and its justification unless it is justified to extend this period by the GDPR.
CAN YOU WITHDRAW YOUR CONSENT?
Suppose the User has consented to a specific action. In that case, such consent may be withdrawn at any time, which will result in the termination of the processing of personal data processed by the Administrator based on consent (e.g., in the case of the Newsletter, removal of the e-mail address from the Administrator’s mailing list) and cessation of the indicated activities. Withdrawal of consent does not affect the processing of data, which was made based on consent before its withdrawal.
In some cases, the data may not be deleted entirely. They will be stored to defend against possible claims for a while, following the provisions of the Civil Code or, for example, to implement legal obligations imposed on the Administrator.
Each time, the Administrator will refer to the User’s request, properly justifying further actions resulting from legal obligations.
DO WE TRANSFER YOUR DATA TO THIRD COUNTRIES?
The User’s data may be transferred outside the European Union – to third countries.
Because the Administrator uses external providers of various services, e.g., Google and MailerLite, the User’s data may be transferred to the United States of America (USA) in connection with their storage on American servers (in whole or in part). Google and MailerLite apply the compliance mechanisms the GDPR provides (e.g., certificates) or standard contractual clauses for their services. These will only be transferred to recipients who guarantee the highest data protection and security, m.in by:
- cooperation with entities processing personal data in countries in respect of which an appropriate decision of the European Commission has been issued,
- use of standard contractual clauses issued by the European Commission,
- the application of binding corporate rules approved by the competent supervisory authority,
or those to the transfer of personal data to which the User has consented.
Detailed information is available in the content of the privacy policy of each provider of these services and on their websites. Example:
Google LLC: https://policies.google.com/privacy?hl=pl
MailerLite: Privacy Policy – MailerLite
Currently, the services offered by Google and MailerLite are mainly provided by entities located in the European Union. However, you should always read the privacy policy of these providers to receive up-to-date information on the protection of personal data.
HOW LONG DO WE KEEP YOUR DATA?
The User’s data will be stored by the Administrator for the duration of the implementation of individual services/achievement of goals and:
- For the period of service and cooperation, as well as for the period of limitation of claims under the law – concerning data provided by contractors and customers or Users,
- Until an objection is effectively lodged based on Article 21 of the GDPR – concerning personal data processed based on the administrator’s legitimate interest,
- until the consent is withdrawn or the purpose of processing is achieved, the business purpose — concerning personal data processed based on consent. After the withdrawal of consent, the data may still be processed to defend against possible claims under the limitation period for these claims or the (shorter) period indicated to the User,
- For a maximum period of 3 years in the case of persons who have unsubscribed from the newsletter to defend against possible claims (e.g., information about the date of subscription and the date of unsubscribing from the newsletter, the number of newsletters received, actions taken and activity related to the messages received), or after one year of lack of any activity by a given subscriber, e.g., not opening any message from the Administrator.
- Until it becomes obsolete or expires – about personal data processed mainly for analytical and statistical purposes, the use of cookies, and the administration of the Administrator’s Websites.
The data retention periods indicated in years are counted at the end of each year in which the data processing began. This is to improve the processing and management of data.
Detailed periods of personal data processing, concerning individual processing activities, can be found in the register of processing activities and the register of categories of processing activities of the Administrator.
The Site may contain links to other websites. They will open in a new browser window or the same window. The administrator is not responsible for the content provided by these pages. The User is obliged to read the privacy policy or regulations of these websites.
ACTIVITIES IN SOCIAL MEDIA – LINKEDIN
The Administrator of the User’s data on LinkedIn on the “Krzysztof Nyrek” account (hereinafter referred to as the LinkedIn account) is the Administrator.
The User’s data provided in the LinkedIn account will be processed to administer and manage the account, communicate with the User, interact with the User, direct marketing content to the User, and create a community.
The basis for their processing is the User’s consent and the legitimate interest of the Administrator consisting in interacting with Users and Followers of the LinkedIn account. The user voluntarily decides to like the content/follow the LinkedIn account.
The rules prevailing on the LinkedIn account are set by the Administrator, however, the rules of staying on the LinkedIn social network result from the LinkedIn regulations.
At any time, the User may unfollow the LinkedIn account belonging to the Administrator. However, the Administrator will not display to the User any content from the Administrator related to the LinkedIn account “Krzysztof Nyrek”
The Administrator sees the User’s data, such as e.g. name, surname, or general information, which the User places on his profiles as public. The processing of other personal data is carried out by the social network LinkedIn and under the conditions contained in its regulations.
The User’s data will be processed for the period of running/existing LinkedIn account based on consent expressed by liking the content/clicking “Follow” or interacting, e.g. leaving a comment, sending a message, and implementing the legitimate interests of the Administrator, i.e. marketing of own products or services or defense against claims.
The User’s data may be shared with other recipients of data, such as the LinkedIn portal, cooperating advertising agencies, or other subcontractors operating the Administrator’s LinkedIn account, IT service, or virtual assistants, if contact occurs outside the LinkedIn portal.
Other rights of the User are described in this privacy policy.
The administrator recommends that you read the privacy policy of LinkedIn: https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com%7Cli-other.
The User’s data is stored and protected with due diligence, under the implemented internal procedures of the Administrator. The Administrator processes information about the User using appropriate technical and organizational measures that meet the requirements of generally applicable law, in particular the provisions on the protection of personal data. These measures are primarily aimed at securing Users’ data against access by unauthorized persons.
In particular, access to Users’ data is granted only to authorized persons who are obliged to keep this data confidential or entities entrusted with the processing of personal data based on a separate data entrustment agreement.
At the same time, the User should exercise diligence in securing their data transmitted via the Internet, in particular not disclose their login details to third parties, use anti-virus security and update the software.
WHO CAN BE THE RECIPIENTS OF PERSONAL DATA?
The Administrator informs that he uses the services of external entities. Entities entrusted with the processing of personal data (such as, for example, companies enabling the sending of newsletters) guarantee the application of appropriate measures for the protection and security of personal data required by law, in particular by the GDPR.
The Administrator informs the User that he entrusts the processing of personal data m.in to the following entities:
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google LLC) – to use Google services, including Gsuite,
- MailerLite Limited, an Irish registered company at 38 Mount Street Upper, Dublin 2, D02 PR89 Ireland, to use newsletter services.
HAVE WE APPOINTED A DATA PROTECTION OFFICER?
The Personal Data Administrator hereby informs that he has not been appointed a Personal Data Protection Inspector (DPO) and performs independently the duties related to the processing of personal data.
The User acknowledges that his data may be transferred to authorized state authorities in connection with their proceedings, at their request, and after meeting the conditions confirming the necessity of obtaining this data from the Administrator.
The User’s data will not be used for automated decision-making affecting the rights and obligations or freedoms of the User within the meaning of the GDPR.
The Administrator uses the following types of forms within the Website:
1. Newsletter subscription form – requires providing your name and e-mail address in the appropriate place. These fields are mandatory. Then, to add his e-mail address to the Administrator’s subscriber base, the User must confirm the willingness to subscribe. The data obtained in this way is added to the mailing list to send the Newsletter.
Subscription /subscription means that the User agrees with this Privacy Policy and agrees to send him marketing and commercial information using electronic communication, e.g. e-mail, within the meaning of the Act of 18 July 2002 on the provision of electronic services (Journal of Laws No. 144, item 1204, as amended).
The above consents are voluntary but necessary to send the Newsletter, including m.in to inform about services, new blog entries, products, promotions, and discounts offered by the Administrator or products of third parties recommended by him. Consents may be withdrawn at any time, which will result in the cessation of sending the Newsletter under the principles contained in this privacy policy.
The newsletter is sent for an indefinite period, from the moment of activation until the consent is withdrawn. After withdrawing the consent, the User’s data may be stored in the newsletter database for up to 3 years, to demonstrate the fact that the User has given consent to communication via the newsletter, the User’s actions (openness of e-mails), and the moment of its withdrawal, as well as possible related claims, which is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR).
Sending the Newsletter may be discontinued if the User does not show activity for a minimum of 1 year from the start of the newsletter service or reads the last e-mail (sent Newsletter). In this case, the Administrator will delete the User’s data from the system for sending the Newsletter (supplier). The User will not be entitled to receive any message from the Administrator unless he decides to re-subscribe to the Newsletter or contacts the Administrator in another way chosen for this purpose.
The mailing system used to send the Newsletter records all activity and actions taken by the User related to the e-mails sent to him (date and time of opening the message, clicking on links, a moment of unsubscribing, etc.).
- The content presented on the Website does not constitute specialist advice or guidance (e.g. educational) and does not refer to a specific factual situation. If the User wants to get help in a specific matter, he should contact the person authorized to provide such advice or the Administrator at the contact details provided. The Administrator is not responsible for the use of the content contained on the Website or actions or omissions took on their basis.
- All content placed on the Website may be subject to the copyright of specific persons and/or the Administrator (e.g. photos, texts, other materials, etc.). The Administrator does not agree to copy these contents in whole or in part without his express, prior consent.
- The Administrator hereby informs the User that any dissemination of content made available by the Administrator constitutes a violation of the law and may give rise to civil or criminal liability. The Administrator may also demand appropriate compensation for incurring material or intangible losses under applicable regulations.
- The Administrator is not responsible for the use of materials available on the website in an unlawful manner.
- The content placed on the Website is current as of the date of its posting unless otherwise indicated.
To use the Administrator’s website, it is necessary to have:
- Devices with Internet access
- Active e-mail inbox receiving e-mail messages
- A web browser that allows you to view web pages
- Software that allows you to read the content in the presented formats, e.g.pdf., video, mp3, mp4.
- Like most websites, the Administrator’s Website uses the so-called tracking technologies, i.e. cookies (“cookies”), which allows improving the Website in terms of the needs of Users visiting it.
- The website does not automatically collect any information, except for the information contained in cookies.
- Cookie files (so-called “cookies”) are IT data, small text files that are stored on an end device, e.g. computer, tablet, or smartphone, when the User uses the Administrator’s Website.
- These may be own cookies (coming directly from the Administrator’s Website) and third-party cookies (coming from websites other than the Administrator’s Website).
- Cookies allow you to adjust the content of the Administrator’s Website to the individual needs of the User and the needs of other Users visiting it. They also allow you to create statistics that show how website users use it and how they move around it. Thanks to this, the Administrator can improve the Website, its content, structure, and appearance.
- The Administrator uses the following third-party cookies as part of the Website:
a) Built-in Google Analytics code – to analyze Website statistics. Google Analytics uses its cookies to analyze the actions and behaviors of Website Users. These files are used to store information, e.g. from which page the User came to the current website. They help to improve the Website.
This tool is provided by Google LLC. Actions taken as part of the use of the Google Analytics code are based on the legitimate interest of the Administrator consisting of the creation and use of statistics, which then allows for improving the Administrator’s services and optimizing the Website.
As part of the use of the Google Analytics tool, the Administrator does not process any user data enabling his identification.
The administrator recommends that you familiarize yourself with the details related to the use of the Google Analytics tool, the possibility of disabling the tracking code, and possibly ask questions of the provider of this tool at the link: https://support.google.com/analytics#topic=3544906.
b) Plugins directing to social media – LinkedIn.
After clicking on the icon of a given plug-in, the user is sent to the website of an external provider, in this case, the owner of the LinkedIn social network. Then it can click “Like” or “Share”.
The administrator recommends that you read the privacy policy of LinkedIn before creating an account on this portal. The administrator does not influence the data processed by LinkedIn. From the moment the User clicks on the button of the plug-in to social media, personal data is processed by the social network LinkedIn, which also becomes their administrator and decides on the purposes and scope of their processing. Cookies left by the LinkedIn plugin (or other third parties) may also be applied to the User’s device after entering the Website and then associated with data collected on LinkedIn. By using the Website, the User accepts this fact. The controller does not influence the processing of data by third parties in this way.
LinkedIn accounts are located at the URL:
During the first access to the Website, the User must agree to cookies or take other possible actions indicated in the message to be able to continue using the content of the Website. By using the Site, you agree. If the User does not want to give such consent – he should leave the Website. Always, you can also change the settings of your browser, and disable or delete cookies. In the “Help” tab in the User’s browser, there is the necessary information.
- The use of the Website involves sending queries to the server on which the Website is stored.
- Each query addressed to the server is saved in the server logs. Logs include m.in, the User’s IP address, the date and time of the server, information about the web browser, and the operating system used by the User.
- Logs are saved and stored on the server.
- Server logs are used to administer the Website, and their content is not disclosed to anyone except persons and entities authorized to administer the server.
- The Administrator does not use the server logs in any way to identify the User.
Date of publication of the Privacy Policy: 03. 10,2022 AM
Date of last update: 03. 10,2022 AM