2.1 Personal data - is any information about an identified or identifiable natural person; specifically, it is personal data within the meaning of Article 4(1) of the RODO.

2.2 EEA - The European Economic Area is a free trade zone and common market that includes the countries of the European Union and the European Free Trade Association, with the exception of Switzerland.

2.3 Cookies - commonly referred to as cookies - are any IT data stored in the form of files (text-numeric), which are placed on the devices used by the User when connecting to a given site via the Internet. Such a device can be a cell phone, laptop, tablet, desktop computer, or any other device that uses the functions of a web browser.

Basic types of cookies:

• necessary cookies - these are files used to provide the User with necessary services and functionalities available through the Website. Through the Service, necessary cookies may be installed by the Administrator, or by the IT specialist managing the site (in agreement with the Administrator);
• functional cookies - these are files used to remember and adapt the Service to the choices made by the User, e.g. in terms of determining language preferences. Through the Service, functional cookies may be installed by the Administrator or third parties whose services are used by the Administrator;
• analytical cookies - these are cookies used to obtain information t.i.e. number of visits and sources of traffic on the Website, improvement of Website performance. Through the Service, analytical cookies may be installed by the Administrator or third parties whose services are used by the Administrator;
• marketing cookies - cookies used to tailor the advertising content displayed to the User's interests. Through the Service, marketing cookies may be installed by the Administrator or third parties whose services are used by the Administrator;
• performance cookies - cookies used to understand and analyze key performance indicators of the Service. Through the Service, performance cookies may be installed by the Administrator.
• Other cookies - The Administrator also uses other cookies that are not essential. These include other social media cookies.

The use of cookies other than essential cookies and the processing of personal data in connection with the use of such cookies is subject to the User's consent. This consent may be withdrawn at any time. The withdrawal of consent does not affect the lawfulness of processing that was carried out on the basis of consent before its withdrawal.

2.4 Privacy Policy - this document made available through https://paulinaczemiel.pl/.

2.5 RODO - Regulation EU 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

2.6. Service - the website available at https://paulinaczemiel.pl/ and all its sub-sites, including all services provided at the domain i.e. blog, contact form, newsletter, form for posting comments, news, links to social media.

2.7 Information society service - any service normally provided for remuneration, at a distance, electronically and at the individual request of the recipient of the service. In Poland, an information society service is defined as a service provided electronically; a service within the meaning of Article 1(1)(b) of Directive (EU) 2015/1535 of the European Parliament and of the Council.

2.8 Electronic Service Provision Act - the Act of July 18, 2002 on electronic service provision (Journal of Laws No. 144, item 1204, as amended);

2.9 Law - Telecommunications Law - the Law of July 16, 2004 on Telecommunications Law (Journal of Laws No. 171, item 1800, as amended).

3.1 A User is any natural person visiting the Site, social media operated by the Administrator, or using one or more of the services or functionalities described in the Privacy Policy.

3.2 The service is not intended for children. User:

• should be at least 16 years old to independently consent to the processing of personal data;
• under the age of 16 must obtain the consent of a legal guardian - in order to obtain the provision of information society services - can be sent by email: [email protected].

The Administrator is authorized to take measures to verify the age of the User.

The co-controllers of the personal data are:

• Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02X525, Ireland (formerly Facebook Ireland Limited).
• LinkedIn Ireland Unlimited Company, Legal Dept. (Privacy Policy and User Agreement), Wilton Place, Dublin 2, Ireland.

Co-administration is related to the Administrator's use of social media platforms. The Service also uses social plug-ins directing to social networks.

Personal data is processed by the Administrator:

5.1. on the basis of consent (Article 6(1)(a) of the RODO) for the purpose of:

• saving data in functional, analytical cookies, using cookies for the proper functioning of the Website and its sub-sites, and collecting data from the Website;
• issuing opinions about a product or service;
• contact by phone, email or through a remote communication application - for personal data other than ordinary personal data;
• sending newsletters - to the extent of data provided optionally (Article 10 of the Law on Provision of Electronic Services and Article 172 of the Law - Telecommunications Law);
• sending the Administrator's offers.

5.2. due to the necessity to conclude and/or perform a contract or to take action upon request (Article 6(1)(b) of the DPA) for:

• saving data in necessary cookies, using cookies for the proper functioning of the Website and its sub-sites, and collecting data from the Website;
• Provision of services by electronic means in terms of providing access to content collected on the Website, including for the purpose of providing a service related to the maintenance and operation of an account on the Website and a newsletter service;
• contact by phone, email or through a remote communication application;
• sending the Administrator's service offer;
• acceptance and execution of the order placed, performance of the service or execution of the concluded contract;
• processing a complaint or withdrawal from a contract concluded at a distance.
• performance of the service or execution of the concluded contract.

5.3. due to the need to fulfill a legal obligation of the Administrator (Article 6(1)(c) of the DPA) for:

• ensure accountability and demonstrate compliance with obligations imposed on the Administrator by law, including the creation of records and other documentation under the RODO;
• processing a complaint or withdrawal from a contract concluded at a distance;
• to issue an invoice, bill or fulfill other obligations under tax and accounting regulations, including for archival purposes.

5.4. legitimate interest (Article 6(1)(f) of the RODO) for:

• to ensure the security of the Website and the management of the Website, including improving its functionality and performance;
• creation of databases;
• operate an account on Instagram under the name "franki_and_spolki" and an account on LinkedIn under the name "Paulina Czemiel" and interact with users of these social media sites;
• To operate a website (fanpage) on Facebook under the name "Law Office of Legal Advisor Dr. Paulina Czemiel" and interact with users of this fanpage;
• sending newsletters as direct marketing of its own services or recommended services of third parties;
• conducting analyses of the Service, among other things, in terms of functionality and improvement of its operation, as well as satisfaction with the services offered;
• To contact Users, in particular to obtain feedback on the purchased service;
• To protect the rights of the Administrator consisting in establishing, asserting or defending against claims;
• conducting statistical analyses of Users' activity on the Website, Users' preferences in order to improve the applied functionalities of the Website;
• storage of data for archival and evidentiary purposes, for the purpose of securing information that can be used to prove facts.

6.1.You have the following rights with respect to your personal data:

• The right of access to personal data - the User has the inalienable right to request information about the processed personal data. On this basis, the Administrator shall provide the requesting person with information about the processing of personal data, including the purposes and legal grounds for the processing;
• The right to request rectification of data - the user has the right to request the deletion of false or erroneous personal data, as well as their completion if they are incomplete;
• The right to obtain a copy of the data - The user has the right to obtain a copy of the processed data of the person;
• The right to erasure - You have the right to request the erasure of personal data, the processing of which is no longer necessary to fulfill the purpose or purposes for which they were collected;
• Right to restrict processing - You have the right to request the Administrator to stop performing operations on personal data. This right applies in the following cases:
1. The data subject questions the accuracy of the personal data;
2. The data subject does not want the data deleted;
3. personal data is no longer needed for the purposes for which it was collected, but cannot be deleted due to applicable regulations;
4. the person who objected to the processing is waiting for a decision on the matter;
• The right to data portability - the User has the right that the Administrator, to the extent that the personal data are processed by automated means in connection with the concluded contract or on the basis of the consent given, issue the personal data in a computer-readable format. Within the framework of this entitlement, it is possible to request that the data be sent to another entity, provided that technical capabilities exist on the part of the Administrator and the designated entity;
• The right to object to the processing of personal data on the basis of the Administrator's legitimate interest for marketing purposes - You may object to the processing of personal data for marketing purposes at any time without having to justify such objection;
• The right to object to the processing of personal data on the basis of the Administrator's legitimate interest for a purpose other than marketing - the User has the right to object on grounds related to the User's particular situation;
• The right to withdraw consent - to the extent that the User's personal data is processed on the basis of consent, the User has the right to withdraw consent at any time, which, however, does not affect the lawfulness of personal data processing carried out before the withdrawal of consent;
• The right to lodge a complaint - The User has the right to lodge a complaint with a supervisory authority for the processing of personal data in the event that the processing of personal data is deemed to violate the provisions of the RODO or other regulations governing the protection of personal data. In Poland, the supervisory authority is the President of the Office for Personal Data Protection, Stawki 2, 00-193 Warsaw.

6.2 The User's rights are not absolute and do not apply to all personal data processing activities. In order to exercise his/her rights, the User may contact the Administrator by e-mail [email protected] or by postal mail to: Kancelaria Radcy Prawnego Paulina Czemiel, 4 Mławska Street, U6 premises, 15-411 Białystok, indicating the scope of their demands.

7.1 The Administrator's business activities are supported by external entities to which the Administrator shares personal data, in particular, suppliers responsible for the operation of IT systems, the accountant and banks and payment operators.

7.2 Major data recipients include:

• Aexol sp. z o.o., Mławska 4/U7, 15-213 Białystok, Poland, EU - entity providing technical and IT support, including hosting of the site, storage of data collected on the server, operation of the system for sending e-mail;
• https://www.useplunk.com/privacy - the entity that provides the system for sending the newsletter;
• Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02X525, Ireland - the entity providing the platform on which the company's social profile on Instagram platform, website (fanpage) and online group on Facebook platform are located;
• LinkedIn Ireland Unlimited Company, Legal Dept. (Privacy Policy and User Agreement), Wilton Place, Dublin 2, Ireland - the entity providing the platform on which the social profile is hosted;
• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland - an entity that provides a security tool for the Service and a tool for analyzing statistics (Google Analystics).

7.3 The Administrator reserves the right to disclose personal data in a situation where this will result from a legal obligation imposed on the Administrator, including the obligation to provide information to the competent administrative or law enforcement authorities.

8.1 The level of protection of personal data within the European Union differs from that outside the EEA. The Administrator works with entities both inside and outside the EEA.

8.2 The Administrator shall transfer personal data outside the EEA only when necessary, mainly in the situation of using the services of international entities. In such a situation, service providers have branches or subsidiaries within the EEA. In addition, legal mechanisms are used to ensure an adequate degree of protection, primarily compliance mechanisms (e.g. binding corporate rules approved by the competent supervisory authority, international certification standards) or standard contractual clauses defined by the European Commission as provided for in Article 46 of the RODO. This decision applies to third countries covered by a decision finding an adequate level of protection. Personal data may also be transferred outside the EEA based on your consent.

9.1 Personal data shall be kept for the time necessary to fulfill the purpose for which they were collected, in particular:

• personal data processed in connection with newsletter sign-ups for the period of the newsletter's operation or until the time of withdrawal of consent;
• Personal data processed in connection with the handling of the contact form for the period necessary to handle the request/inquiry;
• personal data processed in connection with the operation of the feedback form for the duration of the existence of the Service;
• other personal data processed on the basis of consent until the consent is withdrawn or the purpose of the processing is achieved;
• personal data processed due to the need to perform a contract or take action upon request for the period of discussions and negotiations preceding the conclusion of a contract or the performance of a service with respect to the data provided in the request for proposal or for the period of performance of the service and cooperation, as well as the period of limitation of claims under the law;
• personal data processed on the basis of the Administrator's legitimate interest until an objection filed under Article 21 of the RODO is successfully raised;
• personal data processed in connection with the performance of the Administrator's legal obligations for the period required by law, including tax law, accounting law, RODO;
• personal data processed in connection with the Administrator's use of social media platforms including the use of Facebook, Instagram, LinkedIn application functionality - for the period of existence of company pages, groups or accounts on the respective social network;
• personal data processed for analytical purposes and in connection with the administration of the website will be processed until such data becomes obsolete or no longer useful, or an objection is raised based on Article 21 of the DPA.

9.2 The User's personal data shall be additionally processed for the purpose of protecting the Administrator's rights consisting in establishing, asserting or defending against claims in accordance with the statute of limitations for such claims.

12.1 The Administrator uses cookies to provide the User with services provided electronically and to improve the quality of these services, the proper functioning of the Website, including improving navigation, remembering cookie preferences, ensuring the security and management of the Website, statistical and analytical research, for marketing purposes, linking to social networks, the proper functioning of the online store.

12.2 During the User's first visit to the Site, a message is displayed to the User about the use of cookies, including the type of cookies, along with a request for permission to use certain cookies.

12.3 The consequence of accepting cookies is that in the memory of the device used by the User, such as a tablet, computer or phone, or other electronic tool containing access to use a web browser via the Internet, information from the provider of the service in question, over which the User has no control, will be recorded.

12.4 The user has the ability to manage cookies.

• File management during the first visit to the Website - the User is shown a message about the use of cookies, including their type. As part of the message, the User has the option to give permission for selected cookies;
• Deleting cookies from the device - The User has the option to delete cookies located on the end device. To do this, the User should clear the browsing history in the browser. By doing so, the User deletes all cookies from all sites visited. Be aware that by doing so, stored information (e.g. login information) may be lost;
• Prevent storage of cookies - You have the ability to configure your web browser to prevent the storage of cookies. Unfortunately, this may hinder the proper functioning of the Website. Since cookies are also used to remember the User's cookie preferences, you should be aware of the consequences associated with changing your settings, especially if you disable the ability to store cookies on your end device, which may result in the inability to use certain functionalities, and some of the content provided by the Administrator may not be visible;
• Incognito mode - The user has the option to use the incognito mode offered by web browsers. Then the cookies will be deleted when the browser is closed;
• Other devices - if you use a different end device, profile on your computer or web browser, it will be necessary to redefine your cookie preferences.

The Administrator uses the following tools to improve its business operations, including the Service it has created. \'}

13.1 Contact form

The Administrator sometimes provides an opportunity to contact him using an electronic contact form available on the Website. The use of the form is not mandatory. In order to use the contact form, the User is required to provide personal data necessary to make contact and respond to the inquiry. The User may also provide other data to facilitate contact or handling of the inquiry. Providing personal data marked as mandatory fields is required in order to accept and handle the inquiry. Failure to provide this data will result in the inability to use the contact form or handle the inquiry. Provision of other personal data is voluntary. In the course of using the contact form, the Administrator also collects personal data in the form of IP address and signature of your browser. The above personal data are necessary in connection with the security measures used on the Website, which help, among other things, in detecting spam.

13.2 Form - feedback

The administrator provides the customer with the opportunity to leave feedback on the Website via Google. The use of the form - opinions is not mandatory. The rules of the Service are set by the Administrator, however, the rules of use of a particular social network - Google - result from the rules and regulations and community rules of these platforms.

13.3 Social media

The Administrator has social media profiles on Instagram, Facebook, LinkedIn. Personal data provided on social media will be processed for the purpose of administering and managing these profiles, communicating with the User, including answering questions, as well as for statistical and analytical purposes, interacting with the User, informing the User about organized events, interesting information, services and products offered by the Administrator, creating a community within the profile. The basis for processing personal data is the legitimate interest of the Administrator.

The rules of social networks are set by the Administrator, however, the rules of use of a particular social network are based on the rules and regulations and community rules of these platforms.

The user has the ability to opt out of watching the Administrator's profile at any time. It is also possible to block a given account, including the Administrator's profile. Due to the nature of the platforms used by the Administrator, only using the "block user" option will result in no content created by the Administrator being displayed to the User. For the rest, the content available on a given social media platform is common.

The Administrator processes publicly available personal data of Users, such as, for example, name, surname or general information that is posted on profiles, has been marked as public or made available to the Administrator by the User. The processing of other personal data is carried out by the owners of social networks under the terms and conditions contained in the rules of these platforms.

13.6 Social plug-ins

The service uses plug-ins directing to social networks Facebook, Instagram, LinkedIn and plug-ins that allow sharing content on these social networks, in particular "Share". The plug-ins in question are marked with the logo of the respective social network.

Personal data is sent to social networks only if the User takes the active action of clicking on the corresponding plug-in button. After pressing the icon with the logo of the social network, the web browser will initiate a connection to the servers of the social network in question, and the User will be redirected to the website of the external service provider, i.e. the owner of the social network in question. At the same time, the User's web browser will establish a direct connection to the servers of the selected social network. The use of these functions may involve the use of external cookies. From the moment the User clicks on the respective plug-in, his/her personal data is processed on the respective social network, and the owner of the social network becomes a co-controller of the personal data. The Administrator informs that from the moment the plug-in button is actively clicked, the Administrator has no influence on the nature and scope of the personal data collected by the owner of the respective social network.

The data is transferred regardless of whether the User has an account on a given social network or whether the User is logged in. If the User is logged in on a particular social media platform (e.g. Instagram), the collected personal data will be directly assigned to the account (profile) used by the User.

13.7 Newsletter

The administrator processes personal data of subscribers in the form of e-mail address. In the newsletter subscription form, these fields are mandatory. Providing this personal data is voluntary, but necessary to send the newsletter. In order to add the e-mail address to the subscribers' list, the User will be asked to confirm the subscription. Confirming the subscription will add the user to the newsletter mailing list database.

Subscribing to the newsletter means that the User consents to the sending of marketing and commercial information by means of electronic communication as defined in the Electronic Services Act. By confirming the subscription to the newsletter, the User consents to the Administrator's use of telecommunication terminal equipment for direct marketing of the Administrator's products and services, as well as the transmission of commercial information. The above consents are voluntary, but necessary for the dispatch of the newsletter. At any time, the subscriber may withdraw the consent given, which will result in the discontinuation of sending the newsletter.

The mailing system used by the Administrator to send the newsletter records all activity and actions taken by the User in connection with e-mails sent to the User, including the date and time of opening the message, clicking on links placed in the message, the moment of unsubscribing, etc.

The Administrator uses the services of https://www.useplunk.com to manage the list of email marketing subscribers and to send emails to subscribers. Plunk is a third-party provider that may collect and process Users' personal data using standard technologies to help the Administrator monitor and improve the newsletter. In connection with performing services to send the newsletter, the Administrator uses cookies, unique identifiers, web beacons and similar tracking technologies.

13.8 Statistical and analytical tools

15.1 The Administrator strives to continuously improve the procedures used and the security of personal data, so the Privacy Policy is reviewed on an ongoing basis and amended as necessary.

15.2 The Administrator encourages Users to regularly check the content of this document for updates.

15.3 The latest version of the Privacy Policy is published on the Website.

Date of last update: 23.12.2022 r.