Privacy Policy

1. General information

1. This policy applies to the website (the “Service”) operating at the following URL: https://studio1gdansk.pl/
2. The operator of the Service and the controller of personal data is: AMICUS MENTOR SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, ul. Leśna 1, 81-876 Sopot, NIP: 5932627645, KRS: 0000892825, REGON: 388576587
3. The operator’s contact email address: studio1gdansk@gmail.com
4. The operator is the controller of your personal data with regard to the data you voluntarily provide in the Service.
5. The Service uses personal data for the following purposes:
   • Handling inquiries via the form
   • Performing ordered services
   • Presenting an offer or information
6. The Service collects information about users and their behavior in the following ways:
   1. Through data voluntarily entered in forms, which are then entered into the Operator’s systems.
   2. By saving cookies on end-user devices (so-called “cookies”).

2. Selected data protection methods used by the Operator

1. Places where personal data is entered and login points are protected in the transmission layer (SSL certificate). Thanks to this, personal data and login details entered on the website are encrypted on the user’s computer and can be read only on the target server.
2. User passwords are stored in hashed form. The hashing function works one-way—its operation cannot be reversed—which is currently the modern standard for storing user passwords.
3. The Operator periodically changes its administrative passwords.
4. To minimize the risk of unauthorized access to data, the Operator uses complex passwords containing lowercase and uppercase letters, numbers, and special characters, at least 8 characters long.
5. An important element of data protection is regular updating of all software used by the Operator to process personal data, which in particular means regular updates of software components.
6. To protect data, the Operator regularly performs backups.

3. Hosting

1. The Service is hosted (technically maintained) on the server of the hosting provider: other_company
2. To ensure technical reliability, the hosting company keeps server-level logs. The following may be recorded:
   • resources identified by URL (addresses of requested resources—pages, files),
   • time the request arrived,
   • time the response was sent,
   • name of the client station—identification performed via the HTTP protocol,
   • information about errors that occurred during the execution of the HTTP transaction,
   • URL of the page previously visited by the user (referrer link)—if the user came to the Service via a link,
   • information about the user’s browser,
   • information about the IP address,
   • diagnostic information related to the process of ordering services independently via registrars on the website,
   • information related to handling email correspondence sent to the Operator and sent by the Operator.

4. Your rights and additional information about how data is used

1. In some situations, the Controller has the right to transfer your personal data to other recipients if this is necessary to perform the agreement concluded with you or to fulfill obligations incumbent on the Controller. This applies to the following groups of recipients:
   • hosting company, on the basis of entrustment/processing agreement
   • postal operators
   • authorized employees and associates who use the data to achieve the website’s operational purposes
   • companies providing marketing services to the Controller
2. Your personal data is processed by the Controller no longer than is necessary to perform activities related to it, as specified by separate regulations (e.g., accounting record-keeping). With regard to marketing data, the data will not be processed for longer than 3 years.
3. You have the right to request from the Controller:
   • access to your personal data,
   • rectification,
   • erasure,
   • restriction of processing,
   • and data portability.
4. You have the right to object, with regard to the processing indicated in item 3.3 c), to the processing of personal data for the purpose of pursuing legitimate interests carried out by the Controller, including profiling; however, the right to object may not be exercised where there are compelling legitimate grounds for processing overriding your interests, rights and freedoms, in particular for the establishment, exercise or defense of claims.
5. You have the right to lodge a complaint with the President of the Personal Data Protection Office (PUODO), ul. Stawki 2, 00-193 Warsaw, Poland.
6. Providing personal data is voluntary but necessary to use the Service.
7. Automated decision-making may be carried out in relation to you, including profiling, for the purpose of providing services under the concluded agreement and for the Controller’s direct marketing.
8. Personal data is transferred to third countries within the meaning of personal data protection regulations. This means we transfer it outside the European Union.

5. Information in forms

1. The Service collects information voluntarily provided by the user, including personal data, if provided.
2. The Service may record information about connection parameters (timestamp, IP address).
3. In some cases, the Service may record information facilitating linking the data in the form with the email address of the user completing the form. In such a case, the user’s email address appears within the URL of the page containing the form.
4. Data provided in the form is processed for the purpose resulting from the function of the specific form, e.g., to handle a service request or commercial contact, service registration, etc. Each time, the context and description of the form clearly indicate what it is used for.

6. Administrator logs

1. Information about users’ behavior within the Service may be logged. This data is used for administering the Service.

7. Important marketing techniques

1. The Operator uses statistical analysis of website traffic via Google Analytics (Google Inc., based in the USA). The Operator does not transfer personal data to the provider of this service—only anonymized information. The service is based on cookies on the user’s end device. Regarding information about user preferences collected by Google’s advertising network, the user can view and edit information resulting from cookies using the tool: https://www.google.com/ads/preferences/
2. The Operator uses the Facebook Pixel. This technology causes Facebook (Facebook Inc., based in the USA) to know that a given person registered there uses the Service. In this case, it is based on data for which Facebook itself is the controller; the Operator does not transfer any additional personal data to Facebook. The service is based on cookies on the user’s end device.
3. The Operator uses remarketing techniques that allow advertising messages to be matched to the user’s behavior on the website, which may give the impression that the user’s personal data is used to track them; however, in practice no personal data is transferred from the Operator to advertising operators. A technological condition for such activities is that cookies are enabled.
4. The Operator uses a solution that automates the functioning of the Service in relation to users, e.g., it may send an email to a user after visiting a specific subpage, provided the user has consented to receive commercial correspondence from the Operator.

8. Information about cookies

1. The Service uses cookies.
2. Cookies (so-called “cookies”) are IT data, in particular text files, stored on the end-user device of the Service user and intended for using the Service’s websites. Cookies usually contain the name of the website they come from, the time they are stored on the end device, and a unique number.
3. The entity placing cookies on the end-user device and obtaining access to them is the Service operator.
4. Cookies are used for the following purposes:
   1. maintaining the user’s session in the Service (after logging in), thanks to which the user does not have to re-enter their login and password on each subpage of the Service;
   2. achieving the purposes specified above in the section “Important marketing techniques”.
5. The Service uses two main types of cookies: “session” cookies and “persistent” cookies. Session cookies are temporary files stored on the user’s end device until logout, leaving the website, or closing the software (web browser). Persistent cookies are stored on the user’s end device for the time specified in the cookie parameters or until they are deleted by the user.
6. Web browsing software (web browser) usually allows cookies to be stored on the user’s end device by default. Users of the Service can change these settings. The browser allows cookies to be deleted. Automatic blocking of cookies is also possible. Detailed information on this is included in the browser’s help or documentation.
7. Restrictions on the use of cookies may affect some functionalities available on the Service’s websites.
8. Cookies placed on the end-user device may also be used by entities cooperating with the Service operator, in particular: Google (Google Inc., based in the USA), Facebook (Facebook Inc., based in the USA), Twitter (Twitter Inc., based in the USA).

9. Managing cookies – how to give and withdraw consent in practice?

1. If the user does not want to receive cookies, they can change their browser settings. We reserve that disabling cookies necessary for authentication, security, and maintaining user preferences may make it difficult—and in extreme cases may prevent—the use of websites.
2. To manage cookie settings, select the web browser you use from the list below and follow the instructions:
   • Edge
   • Internet Explorer
   • Chrome
   • Safari
   • Firefox
   • Opera
   Mobile devices:
   • Android
   • Safari (iOS)
   • Windows Phone