- This privacy notice is for the website located at www.elmababy.pl
- The website is operated by Ewa Matuszyk F.H.U. \”ELMA BIS V\” Zembrzyce 632, 34-210 Zembrzyce, who is also the Controller of personal data
- Contact e-mail address of the operator: firstname.lastname@example.org
- The Operator is the controller of your personal data provided voluntarily when using the website.
- The website uses personal data for the following purposes:
- to handle inquiries submitted via the online form
- to supply ordered services
- to present the company’s offer or other information
- The website collects information concerning users and user behaviour in the following way:
- using personal data provided voluntarily via the online form which are then registered in the Operator’s systems
- by storing cookie files on end devices
2. Selected data protection methods used by the Operator
- The login and personal data entry areas are protected in the transport layer (SSL certificate). Thanks to this, personal data and login details typed in on the website are encrypted on the user’s device and can only be read on the destination server.
- Personal data stored in the database are encrypted so that they only can be read by the Operator who has the key. This protects the data in case database is stolen from the server.
- User passwords are hashed. The hash function is one-way only – it cannot be reverse-engineered, and this represents the modern-day standard in user password storage.
- The website relies on two-factor authentication for added security when logging into the website.
- The Operator changes their administrative passwords from time to time.
- To protect the data, the Operator regularly makes backup copies.
- Regular updates of all software used by the Operator to process data, in particular regular updates of software development components, are an essential element of data protection.
- The website is hosted (technically maintained) on the servers of the following operator: cyberFolks.pl
4. Your rights and additional information concerning the use of data
- In certain situation the Controller may transfer your personal data to other recipients if this is necessary for the performance of the concluded contract or for the fulfilment of obligations by the Controller. Data can be transmitted to the following groups of recipients:
- to a hosting company (entrusted data)
- authorised employees or partners who need the data to ensure proper operation of the website
- Your personal data will be processed by the Controller not longer than required for the completion of activities indicated in separate provisions of law (e.g. accounting regulations). As concerns marketing purposes, data will not be processed longer than for 3 years.
- You have the right to:
- access your personal data,
- rectify your personal data
- delete your personal data,
- restrict processing,
- data portability
- You have the right to object to processing of personal data based on section 3.3(c) where such data is processed for the purposes of legitimate interest pursued by the Controller, including to profiling, with the reservation that the right to object cannot be exercised when the Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, in particular for the establishment, exercise or defence of legal claims.
- You can lodge a complaint against the activities of the Controller with the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warszawa.
- Provision of personal data is voluntary but necessary for the operation of the website.
- You may be subject to a decision based solely on automated processing, including profiling in order to be provided services under the concluded contract and for direct marketing purposes.
- Personal data are not transmitted to third countries, as defined in the relevant data protection regulations. This means that we don’t send data outside the European Union.
5. Data provided via the online forms
- The website only collects data, including personal data, provided voluntarily by users.
- The website may collect information concerning connection parametres (time of visit, IP address).
- In some cases, the server may store information that makes it possible to link the data provided via the form by a user with this user’s e-mail address. In such event, the user’s e-mail address is integrated with the url of the site containing the form.
- The data provided via an online form are processed for the purposes connected to the function of a specific form, e.g. to handle a service inquiry, contact the customer, register services, etc. The context and description of a form always inform clearly what its purpose is.
6. Data Controller’s logs
- Data concerning user behaviour on the website may be logged. These data are used for website administration purposes.
7. Significant marketing techniques
- The Operator carries out a statistical analysis of website traffic using Google Analytics (Google Inc. with registered office in the USA). The Operator doesn’t transmit personal data but only sends anonymous information to the provider of this service. The service relies on the use of cookie files on the end device of a user. As far as information user preference information collected by a Google ad network is concerned, the user may view and edit information resulting from cookie files using the tool available at https://www.google.com/ads/preferences