Based on: GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27/04/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Journal of Laws . EU L 2016 No. 119)

Content of the administrator's privacy policy:

1. The administrator's privacy policy contains information regarding:

1. processing personal data and other information regarding users of the website available at: https://bytheray.com/ (hereinafter referred to as the "Site");
2. processing of personal data in connection with the execution of an order in the online store, via the order form, as well as through the registration form in connection with setting up an account in the online store;
3. processing personal data and other information regarding Facebook users on the by the ray fanpage ( https://www.facebook.com/bytherayofficial );
4. processing personal data and other information regarding Instagram users on the administrator's profile under the name bytherayofficial ( https://www.instagram.com/bytherayofficial/ );
5. processing of personal data contained in the contact form available on the website;
6. processing of personal data contained in electronic correspondence;
7. processing personal data of newsletter subscribers;
8. the policy also includes all information that data subjects should receive in accordance with the GDPR.

1. The administrator's privacy policy contains information on the processing of data obtained through the Website, including the use of cookies or other similar technologies.

Personal data administrator:

The administrator of personal data is BTR CONCEPT sp. z o. o. based in Warsaw, ul. Polki 1A/20, 02-826 Warszawa, entered into the Register of Entrepreneurs kept by the District Court for the Capital City of Warsaw. Warsaw in Warsaw, 13th Commercial Division of the National Court Register under KRS number: 0001068040, NIP: 9512581861, REGON: 526883044.

You can contact the data administrator:

1. at the following e-mail address: hello@bytheray.com .

What are the purposes, legal basis and duration of data processing:

WEBSITE:

Site Operation

1. In order to provide the Website service, the service provider processes information about the user's device to ensure the correct operation of the services: computer IP address, information contained in cookies or other similar technologies, session data, web browser data, device data, data regarding activity on the Website, including on individual subpages.
2. This information does not contain data regarding the identity of users, but in combination with other information it may constitute personal data and therefore the administrator provides it with full protection under the GDPR.
3. You can leave a comment under the content of the blog entry on the website. The form for publishing a comment contains the following fields to complete: name, e-mail address and comment content. If a person posts personal data allowing for his or her direct or indirect identification, the administrator processes the personal data of such a natural person also in this respect.
4. The Administrator also processes personal data contained in reports regarding illegal content in comments, in connection with the implementation of the procedure referred to in point 15 of the Regulations (DSA COMMENTS).
5. In addition, the administrator processes personal data contained in the order form in the online store and registration in order to set up an account in the online store on the terms described in the Regulations, after obtaining the consent of the natural person.
6. These data are processed in accordance with Art. 6 section 1 letter b GDPR, in order to provide the Website service and in accordance with Art. 6 section 1 letter a GDPR in connection with consent to the use of specific cookies or other similar technologies, expressed by appropriate settings of the web browser in accordance with the Telecommunications Law and in accordance with Art. 6 section 1 letter b GDPR in connection with the execution of an order in the online store, registration and maintenance of an account in the online store. The data is processed until the user finishes using the Website, and in the case of completing the application form to place an order in the online store, for the time necessary to complete the order.
7. In the situation referred to in section 3, these data are processed in accordance with Art. 6 section 1 letter b GDPR, in order to provide the Website service by enabling users to leave comments and thus use its functionalities. The data is processed until the person requests the deletion of his or her data along with the comment.
8. In the situation referred to in section 4, these data are processed in accordance with Art. 6 section 1 letter c GDPR:

1. in order for the administrator to fulfill the legal obligation to accept a report on the existence of illegal content, consider the report, inform about the decision made, and inform about the possibility of appealing against the decision;
2. for the purpose for which, on the basis of proceedings conducted before authorized public administration bodies, including law enforcement authorities, in matters relating to
   purposes or basis for the processing of personal data referred to in point 1, the administrator will be obliged to process the indicated personal data.

In the case of point a), the data is stored until the decision is informed and, in the event of an appeal, until the appeal is considered. In the case of point b), data are stored for the duration of such obligation.

Complaints

In order to consider complaints, the service provider processes personal data of users submitting complaints, in particular e-mail address, name, surname, content of the complaint, circumstances of the event giving rise to the complaint, information obtained in the course of considering the complaint, including explanations of the event giving rise to it. In the course of considering a complaint, the service provider may process a number of other information, including the user's name and surname, information about the user's use of services, cookies or other similar technologies, and information about devices.

These data are processed in accordance with Art. 6 section 1 letter b GDPR for the purpose of providing services and are processed for the time necessary to consider the complaint and no longer than 3 months after the end of the complaint procedure for archiving purposes in the event of a need to defend against possible claims against the service provider in accordance with the information provided below.

Explanatory proceedings, pursuing claims

In the event of undertaking an investigation regarding a possible violation of the provisions of the policy or legal provisions, principles of social coexistence or good manners, proceedings to pursue claims by the administrator or by other users or entities, defense against claims of users or other entities, the administrator may process personal data of specific users until the end of the ongoing proceedings and until the expiry of the limitation period for the administrator's claims against the user, which is usually 3 years in accordance with the Civil Code, but in special cases provided for by law, it may be longer.

If personal data will be processed in order to pursue claims of other users, these data may be made available for this purpose to another user or entity or to a public authority authorized by law, e.g. courts, police, prosecutor's office.

These data will then be processed, including made available in accordance with Art. 6 section 1 letter c GDPR, i.e. in order to fulfill the obligation arising from the legal provisions regarding the obligation to consider complaints, in accordance with the Act on the provision of electronic services or in accordance with Art. 6 section 1 letter f GDPR, i.e. in the legitimate interest of the administrator consisting in pursuing claims against the user. The legitimate interest of the administrator will then override the rights and freedoms of the service recipient.

Marketing and PR activities of the administrator

The administrator may post marketing information about its products or services on the Website. This content is displayed by the administrator in accordance with Art. 6 section 1 letter f GDPR, in accordance with the legitimate interest of the administrator consisting in publishing content related to the services provided and the content of promotional campaigns in which the administrator is involved. At the same time, this action does not violate the rights and freedoms of users, users expect to receive similar content, and sometimes they even expect it or it is their direct purpose of visiting the Website.

Cookies​

The website uses its own cookies and third-party cookies .

Own cookies:

1. Cookies are small text information in the form of text files, sent by the server and saved on the side of the person visiting the website (e.g. on the hard drive of a computer, laptop or on the memory card of a smartphone - depending on the device used by the person) . visiting the Site).
2. The Administrator may process data contained in cookies when used by visitors to the Website for the following purposes:

1. remembering data from completed forms available on the Website, including ordering forms available on the Website, as well as registration forms to set up an account in the online store;
2. adapting the content of the Website to the individual preferences of the Service User (e.g. regarding colors, font size, page layout) and optimizing the use of the Website;
3. remembering products that have been added to the cart to place a product order;
4. keeping anonymous statistics showing how the Website is used.

1. By default, most web browsers available on the market accept cookies . Everyone can define the conditions for the use of cookies using the settings of their own web browser. This means that you can, for example, partially limit (e.g. temporarily) or completely disable the ability to save cookies - in the latter case, it may affect some functionalities of the Website.
2. Web browser settings regarding cookies are important from the point of view of consent to the use of cookies by the Website - in accordance with the regulations, such consent may also be expressed through web browser settings. If you do not give such consent, you should change your web browser settings regarding cookies accordingly .
3. Detailed information on changing cookie settings and deleting them yourself in the most popular web browsers is available on the following websites (just click on the link):

1. in the Chrome browser
2. in Firefox browser
3. in the Opera browser
4. in Safari browser
5. in Microsoft Edge browser .

Third party cookies:

The administrator uses external tools that use cookies , such as :

Google Analytics (Google Analytics 4), Google Ads, Hotjar, Meta Pixel, Mailchimp, and from the website you may be redirected to social networking sites: Facebook, Instagram.

Google Analytics ( Google Analytics 4)

Google Analytics is a third party analytics tool provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

The Google Analytics tool allows owners of websites and applications to learn the rules of use of these websites and applications by users.

The tool may use a set of cookies to collect information and generate reports with statistics on website usage. The collected data does not enable the identification of individual users. The main type of cookie used by Google Analytics is "_ga".

In addition to reporting website usage statistics, data collected by Google Analytics may also facilitate, together with some of the cookies described above, the display of more relevant advertising on Google services (e.g. Google Search) and across the web.

The information indicated above comes from the website:

https://policies.google.com/technologies/types?hl=pl

The storage period for data about users and events related to cookies, user IDs or advertising IDs is 12 months.

Then, after the storage period ends, the data will be automatically deleted once a month.

Google has achieved ISO 27001 certification covering the systems, applications, people, technologies, processes and data centers that support various Google services, including Google Analytics.

All other information related to privacy and data security can be found at:

 https://support.google.com/analytics/topic/2919631?hl=pl&ref_topic=1008008  

Google Analytics 4 (GA4), i.e. the new version of Analytics:

• collects website and app data to better understand the customer journey;
• uses event-based rather than session-based data;
• includes privacy settings such as cookieless measurement and behavior and conversion modeling;
• includes predictive functions that suggest recommended actions without the use of complex models;
• integrates directly with media platforms to help drive user action on your website or app.

Standard Universal Analytics services will stop processing data on July 1, 2023. Universal Analytics reports will be available for some time after July 1, 2023. However, new data will only go to Google Analytics 4 properties.

Full information about the GA4 service is available on the website at: https://support.google.com/analytics/answer/10089681?hl=pl .

Google Ads

Google Ads is a third-party advertising tool designed to promote products and services on the Google search engine, YouTube and other websites. It is operated by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

When using this tool for advertising activities, the administrator relies on his legitimate interest, i.e. marketing his own products.

Google Ads displays ads when users search for your administrator's products on the Internet. By using intelligent technology, Google Ads makes it easier to reach potential customers when they are ready to take action.

Google Ads features, such as remarketing and customer match targeting, allow you to create and upload audience lists that are used to target ads across Google media and third-party sites.

Using the Google Ads tool does not lead to the collection of user data that would allow their identification. On the other hand, please remember that Google may compile data in such a way that it becomes personal data. However, the above is beyond the scope of the administrator's responsibility and results from the implementation of these activities by Google (contract concluded with the user of Google services).

Ad settings can be managed directly on the Google website if a person does not want to receive personalized ads: https://adssettings.google.com/authenticated .

Any other information related to controlling the information Google collects on websites and apps can be found at:

https://policies.google.com/technologies/partner-sites .

Hotjar

Hotjar is a tool provided by Hotjar Limited, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141 , Malta. The function of this tool is to strive to understand the needs of users and optimize the website, taking into account their experiences while using the website.

What information does an administrator gain from using Hotjar?

Among others information about the user's web browser, visited subpages, time spent by the user on the website and individual subpages.

All important information regarding cookies and Hotjar Ltd's privacy policy can be found at:

• https://www.hotjar.com/legal/policies/privacy/
• https://help.hotjar.com/hc/en-us/articles/115011789248-Cookies-on-hotjar-com .

Meta Pixel (Facebook and Instagram)

Meta Pixel is a marketing tool provided by Meta Platforms Inc. , One Hacker Way, Menlo Park, CA 94025 USA. In Europe, Meta Platforms Ireland Limited operates 4 GRAND CANAL SQUARE, GRAND CANAL HARBOR , 462129 Dublin , IRELAND.

The Meta Pixel tool helps you measure the effectiveness of your ads by analyzing the actions users take on your site.

What is the application of the above? tool?

1. Broadcasting ads to the right audience.
2. Increasing sales.
3. Measuring ad performance.

The website has been configured with a Meta pixel, so this tool will fire whenever someone takes an action on the admin's website. Examples of actions include, for example, visiting subsequent subpages. The pixel collects these activities (aka events). Thanks to this, you can see the actions taken by website users and use options that will enable you to reach them again with future advertisements.

The information indicated above comes from the website: https://pl-pl.facebook.com/business/help/742478679120153?id=1205376682832142

Information (including information about the websites you visit and the advertisements you view) may be used to help advertisers and other partners measure the effectiveness and distribution of their advertising and services, and to understand the types of people who use their services and how users visit their websites or use their applications and services. If the website wants to link this data with other information about the website user, we would like to inform you that these are activities over which, as the administrator of personal data only on our fanpage, we have no real influence.

All information in this regard is available at: https://www.facebook.com/policy/cookies/

MailChimp

To automate mailing services as part of the newsletter service, the Administrator uses tools provided by MailChimp, which is owned and managed by The Rocket Science Group LLC with its registered office: Georgia, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, Georgia 30308, USA.

In the scope of providing the newsletter service, information related to the processing of personal data of newsletter subscribers can be found further in the Policy. Here, the administrator presents information related to cookies regarding integration with the MailChimp program, which is available at:

• Full information regarding privacy and data security is available at:

https://mailchimp.com/legal/privacy/

• Information about the cookies used is available at:

https://mailchimp.com/legal/cookies/ 

Social tools

On the website, after the user clicks on the icon of the appropriate social networking site, he or she may be redirected to: Facebook and Instagram, which means that a connection to this site will be established in the user's browser. The information obtained by the website when a person is not logged in to it or does not have an account on it is: displaying the website in the browser and its IP address. Such information is sent and stored on the server of the owner of a given website. If you log in to the appropriate website, personal data is collected and processed on the terms described in the Privacy Policies of these websites.

Issues related to privacy protection are regulated on individual social networking sites:

• Facebook: https://pl-pl.facebook.com/privacy/explanation
• Instagram: https://www.facebook.com/help/instagram/155833707900388 

FACEBOOK FANPAGE:

Running a fanpage

The administrator processes users' personal data in order to enable them to use the fanpage. The administrator has information about:

liking the fanpage,

activities on the fanpage,

content of comments and posts posted by users.

1. These data are processed in accordance with Art. 6 section 1 letter b GDPR in order to provide services.

Explanatory proceedings, pursuing claims

In the event of undertaking an investigation regarding a possible violation of the provisions of the policy or legal provisions, principles of social coexistence or good manners, proceedings to pursue claims by the administrator or by other users or entities, defense against claims of users or other entities, the administrator may process personal data of specific users until the end of the ongoing proceedings and until the expiry of the limitation period for the administrator's claims against the user, which is usually 3 years in accordance with Art. 118 of the Civil Code, but in special cases provided for by law it may be longer.

If personal data will be processed in order to pursue claims of other users, these data may be made available for this purpose to another user or entity or to a public authority authorized by law, e.g. courts, police, prosecutor's office.

These data will then be processed, including made available in accordance with Art. 6 section 1 letter c GDPR, i.e. in order to fulfill the obligation arising from the legal provisions regarding the obligation to consider complaints, in accordance with the Act on the provision of electronic services or in accordance with Art. 6 section 1 letter f GDPR, i.e. in the legitimate interest of the administrator consisting in pursuing claims against the user. The legitimate interest of the administrator will then override the rights and freedoms of the service recipient.

Marketing and PR activities of the administrator

1. On the fanpage, the administrator may post marketing information about his products, services or events that he organizes or participates in.
2. This content is displayed by the administrator in accordance with Art. 6 section 1 letter f GDPR, in accordance with the legitimate interest of the administrator consisting in its own marketing activities. At the same time, this action does not violate the rights and freedoms of users who expect to receive similar content, and sometimes even expect it, in particular due to the specific nature of Facebook's operation.

COMPANY PROFILE ON INSTAGRAM:

Maintaining a profile

The administrator processes users' personal data in order to enable them to use his company profile on Instagram. The administrator has information about:

people following his profile,

likes,

views on Instagram stories,

user activity,

content of comments posted by users.

1. These data are processed in accordance with Art. 6 section 1 letter b GDPR in order to provide services.

Contact with users

In order to enable the administrator to contact the user, the administrator processes information about persons contacting the administrator via messages sent by Instagram, in particular the name and surname or user name on Instagram, the content of correspondence (messages, threads). Messages are not stored by the administrator in places other than Instagram.

The data is processed in accordance with Art. 6 section 1 letter f GDPR, in the legitimate interest of the administrator and users, consisting in the need to ensure contact between users and the administrator, and the processing of this data does not violate the rights and freedoms of users.

The content of correspondence and contact information is processed for the time necessary to resolve the user's case and no longer than 3 months after settling the case for archiving purposes in the event of a need to defend against possible claims against the administrator. After this time, they are deleted from the administrator's profile, after which the administrator will no longer be able to access this data.

Explanatory proceedings, pursuing claims

In the event of undertaking an investigation regarding a possible violation of the provisions of the policy or legal provisions, principles of social coexistence or good manners, proceedings to pursue claims by the administrator or by other users or entities, defense against claims of users or other entities, the administrator may process personal data of specific users until the end of the ongoing proceedings and until the expiry of the limitation period for the administrator's claims against the user, which is usually 3 years in accordance with Art. 118 of the Civil Code, but in special cases provided for by law it may be longer.

If personal data will be processed in order to pursue claims of other users, these data may be made available for this purpose to another user or entity or to a public authority authorized by law, e.g. courts, police, prosecutor's office.

These data will then be processed, including made available in accordance with Art. 6 section 1 letter c GDPR, i.e. in order to fulfill the obligation arising from the legal provisions regarding the obligation to consider complaints, in accordance with the Act on the provision of electronic services or in accordance with Art. 6 section 1 letter f GDPR, i.e. in the legitimate interest of the administrator consisting in pursuing claims against the user. The legitimate interest of the administrator will then override the rights and freedoms of the service recipient.

Marketing and PR activities of the administrator

1. On the Instagram profile, the administrator may post marketing information about his products, services or events that he organizes or participates in.
2. This content is displayed by the administrator in accordance with Art. 6 section 1 letter f GDPR, in accordance with the legitimate interest of the administrator consisting in its own marketing activities. At the same time, this action does not violate the rights and freedoms of users who expect to receive similar content, and sometimes even expect it, in particular due to the specific nature of Instagram's operation.

ONLINE CONTACT FORM:

1. Personal data such as: name, e-mail address and message content are processed for the time necessary to resolve the user's case, including to send marketing information about selected services, and no longer than 3 months after handling the case for archiving purposes in the event of a need to defend against possible claims against the administrator.
2. These data will then be processed for the purpose of providing the online contact form service provided electronically (Article 6(1)(b) of the GDPR).
3. In the scope of sending commercial information by electronic means or direct marketing using telephone end devices, data will be processed on the basis of consent expressed by express confirmatory actions (Article 6(1)(a) in connection with Article 4(11) of the GDPR), consisting in supplementing appropriate field to enter your e-mail address.

Pursuing claims

If it is necessary to pursue claims by the administrator or other users or entities, defend against claims of users or other entities, the administrator may process personal data of specific users contained in the online contact form until the end of the ongoing proceedings and until the expiry of the limitation period for the administrator's claims against the user, which is usually 3 years in accordance with Art. 118 of the Civil Code, but in special cases provided for by law it may be longer.

These data will then be processed in accordance with Art. 6 section 1 letter f GDPR, i.e. in the legitimate interest of the administrator consisting in pursuing claims against the user or defending against claims. The legitimate interest of the administrator will then override the rights and freedoms of the service recipient.

Statistics on the use of services

1. In order to improve the quality of its services, the administrator processes statistical information regarding the use of the online contact form and for this purpose uses statistical information provided by cookies or other similar technologies.
2. These data are processed in accordance with Art. 6 section 1 letter f GDPR in the legitimate interest of the administrator consisting in facilitating the use of services, improving the quality and functionality of the services provided, and the processing of this data does not violate the rights and freedoms of users.
3. This data is processed as part of the administrator's ongoing activities, but no longer than 60 days from receiving the information. After this time, the administrator may further process general statistical data, which will be devoid of any information regarding individual users.

ELECTRONIC CORRESPONDENCE (E-MAIL):

1. The Administrator processes contact information about the senders and addressees of e-mail correspondence, contained in the content of this correspondence, in order to:

1. enabling e-mail contact with the administrator and contacting recipients;
2. documenting arrangements made with persons contacting via e-mail;
3. accepting letters, reports and applications in electronic form;
4. protection against claims and pursuing possible claims.

1. We store correspondence for one year, unless the messages contain content important for pursuing claims or defending against claims, then we will store selected messages for up to 3 years, i.e. until the expiry of the limitation period for claims, in accordance with the Civil Code.
2. The legal basis for the processing of data contained in e-mail correspondence is:

1. the legitimate interest of the data controller and senders of electronic messages (Article 6(1)(f) of the GDPR) - in relation to incidental correspondence, consisting in enabling electronic contact with the controller;
2. voluntarily expressed consent through a clear confirmatory action - if the sender of the message asks for information regarding services or products, the response provided to the sender will contain the information requested by the sender, and sending the inquiry will constitute consent to the administrator sending commercial information to the sender to the e-mail address provided by the sender -email to the extent necessary to respond (Article 10 of the Act on the provision of electronic services); the expressed consent may be withdrawn at any time without giving a reason, but commercial information sent after sending the inquiry and before the consent is withdrawn will be sent in accordance with the law; withdrawal of consent may make it impossible to fully answer the question;
3. the legitimate interest of the administrator consisting in pursuing claims or defending against claims, in accordance with generally applicable laws, in particular the Civil Code (Article 6(1)(f) of the GDPR).

NEWSLETTER:

1. The administrator processes the e-mail addresses of newsletter subscribers in order to provide the ordered newsletter service, provided electronically. The administrator processes data:

1. name,
2. provided e-mail address,
3. date of joining the subscription,
4. information about sending newsletters.

1. In addition, the administrator processes e-mail addresses provided to provide the newsletter service also to provide the service in accordance with this Privacy Policy.
2. The data is processed in accordance with Art. 6 section 1 letter b GDPR in order to provide the newsletter service. However, consent to receive messages for the purpose of providing the newsletter service and to be informed about promotions and offers is expressed pursuant to Art. 10 section 2 in connection from paragraph 1 of the Act on the provision of electronic services and Art. 172 section 1 of the Telecommunications Law.

Complaints

1. In order to consider complaints, the service provider processes personal data of subscribers submitting complaints, in particular: e-mail address, name and surname, content of the complaint, circumstances of the event giving rise to the complaint, information obtained in the course of considering the complaint, including explanations of the event giving rise to it. In the course of considering a complaint, the service provider may process a number of other information, including the user's name and surname, information about the subscribers' use of the newsletter service, cookies or other similar technologies, and information about devices.
2. The data is processed in accordance with Art. 6 section 1 letter c GDPR in order to fulfill the obligation arising from the legal provisions regarding the obligation to consider complaints, in accordance with the Act on the provision of services by electronic means, for the time necessary to consider the complaint and no longer than one year after the end of the complaint procedure for archiving purposes in accordance with the Accounting Act, if necessary defense against possible claims against the service provider in accordance with the information provided below.

Explanatory proceedings, pursuing claims

1. In the event of undertaking an investigation regarding a possible violation of the provisions of this Policy or legal provisions, principles of social coexistence or good manners, the administrator may process personal data of specific subscribers until the end of the ongoing proceedings and until the expiry of the limitation period for the administrator's claims against the subscriber, which is usually 3 years. , but in special cases provided for by law it may be longer.
2. These data will then be processed, including made available in accordance with Art. 6 section 1 letter f GDPR, i.e. in the legitimate interest of the administrator consisting in pursuing claims against the user. The legitimate interest of the administrator will then override the rights and freedoms of the subscriber.

Recipients of user data:

1. The administrator discloses users' personal data only to processing entities under concluded contracts entrusting the processing of personal data in order to provide services to the administrator, e.g. hosting and operating the Website, IT services, e-mail support, accounting, advisory and legal services.
2. In the scope of the fan page, due to the specificity of Facebook, information about people following the fan page, about likes, as well as the content of comments, posts and other information provided by users are public. However, the administrator does not disclose other information to other entities.
3. Regarding the Instagram profile, due to the specificity of this website, information about people following the profile, likes, views on stories, as well as the content of comments and other information provided by users are public. However, the administrator does not disclose other information to other entities.

Transferring personal data to third countries:

Personal data will be processed in third countries only to the extent necessary to provide the Administrator's services and this will be done in compliance with specified measures (i.e. on the basis of a decision confirming the appropriate level of protection issued by the EU Commission or on the basis of appropriate guarantees, Article 44 et seq. of the GDPR ).

Rights of persons whose personal data concern:

Every data subject has the right:

for information on data processing - the administrator provides the person submitting the request with information about the processing of personal data, including, in particular, the purposes and legal basis for processing, the scope of personal data held, entities to which they are disclosed and the planned date of deletion of personal data (after the end of the storage period) ;

the right to obtain a copy of the data - the administrator provides the person submitting the request with a copy of personal data relating to him/her;

the right to rectify data - the administrator removes any inconsistencies or errors in the processed personal data upon request and supplements them if they are incomplete;

the right to delete data - the administrator, upon request, deletes or anonymizes personal data whose processing is no longer necessary to achieve any of the purposes for which they were collected;

the right to limit data processing - upon request, the administrator stops operations on personal data - except for operations to which the data subject has consented - and their storage, in accordance with the adopted personal data storage period or until the reasons for limiting data processing no longer exist personal data;

the right to transfer data - to the extent that personal data are processed in an automated manner, the administrator, upon request, issues personal data provided by the data subject in a format that allows personal data to be read by a computer;

the right to object (including for marketing purposes) - the person whose personal data is processed may at any time object to the processing of personal data which is carried out on the basis of the legitimate interest of the administrator;

the right to withdraw consent - at any time and without giving a reason, but the processing of personal data carried out before the withdrawal of consent will still remain lawful. Withdrawal of consent will result in the administrator ceasing to process personal data for the purpose for which the consent was expressed.

1. To exercise the above-mentioned rights, the data subject should contact the controller using the provided contact details and inform him which right and to what extent he wishes to exercise.

President of the Personal Data Protection Office:

The data subject has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office with its registered office in Warsaw at ul. Stawki 2, which can be contacted as follows:

1. by post: ul. Stawki 2, 00-193 Warszawa,
2. via the electronic inbox available at: https://www.uodo.gov.pl/pl/p/kontakt ;
3. by phone: (22) 531 03 00.

Change of privacy policy:

1. The privacy policy may be supplemented or updated in accordance with the administrator's current needs in order to provide users with current and reliable information regarding their personal data and information about them. Users will be informed about any changes to the privacy policy on the administrator's website.
2. This privacy policy is effective from the date it is posted on the website.
3. Date of publication: 22/04/2024.