Privacy policy

1.  Overview

  1. This privacy notice is for the website located at www.elmababy.pl
  2. The website is operated by Ewa Matuszyk F.H.U. \”ELMA BIS V\” Zembrzyce 632, 34-210 Zembrzyce, who is also the Controller of personal data
  3. Contact e-mail address of the operator: office@elmababy.pl
  1. The Operator is the controller of your personal data provided voluntarily when using the website.
  1. The website uses personal data for the following purposes:
  • to handle inquiries submitted via the online form
  • to supply ordered services
  • to present the company’s offer or other information
  1. The website collects information concerning users and user behaviour in the following way:
  • using personal data provided voluntarily via the online form which are then registered in the Operator’s systems
  • by storing cookie files on end devices

2. Selected data protection methods used by the Operator

  1. The login and personal data entry areas are protected in the transport layer (SSL certificate). Thanks to this, personal data and login details typed in on the website are encrypted on the user’s device and can only be read on the destination server.
  2. Personal data stored in the database are encrypted so that they only can be read by the Operator who has the key. This protects the data in case database is stolen from the server.
  3. User passwords are hashed. The hash function is one-way only – it cannot be reverse-engineered, and this represents the modern-day standard in user password storage.
  4. The website relies on two-factor authentication for added security when logging into the website.
  5. The Operator changes their administrative passwords from time to time.
  6. To protect the data, the Operator regularly makes backup copies.
  7. Regular updates of all software used by the Operator to process data, in particular regular updates of software development components, are an essential element of data protection.

3. Hosting

  1. The website is hosted (technically maintained) on the servers of the following operator: cyberFolks.pl

4. Your rights and additional information concerning the use of data

  1. In certain situation the Controller may transfer your personal data to other recipients if this is necessary for the performance of the concluded contract or for the fulfilment of obligations by the Controller. Data can be transmitted to the following groups of recipients:
  • to a hosting company (entrusted data)
  • authorised employees or partners who need the data to ensure proper operation of the website
  1. Your personal data will be processed by the Controller not longer than required for the completion of activities indicated in separate provisions of law (e.g. accounting regulations). As concerns marketing purposes, data will not be processed longer than for 3 years.
  2. You have the right to:
  • access your personal data,
  • rectify your personal data
  • delete your personal data,
  • restrict processing,
  • data portability
  1. You have the right to object to processing of personal data based on section 3.3(c) where such data is processed for the purposes of legitimate interest pursued by the Controller, including to profiling, with the reservation that the right to object cannot be exercised when the Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, in particular for the establishment, exercise or defence of legal claims.
  2. You can lodge a complaint against the activities of the Controller with the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warszawa.
  3. Provision of personal data is voluntary but necessary for the operation of the website.
  4. You may be subject to a decision based solely on automated processing, including profiling in order to be provided services under the concluded contract and for direct marketing purposes.
  5. Personal data are not transmitted to third countries, as defined in the relevant data protection regulations. This means that we don’t send data outside the European Union.

5. Data provided via the online forms

  1. The website only collects data, including personal data, provided voluntarily by users.
  2. The website may collect information concerning connection parametres (time of visit, IP address).
  3. In some cases, the server may store information that makes it possible to link the data provided via the form by a user with this user’s e-mail address. In such event, the user’s e-mail address is integrated with the url of the site containing the form.
  4. The data provided via an online form are processed for the purposes connected to the function of a specific form, e.g. to handle a service inquiry, contact the customer, register services, etc. The context and description of a form always inform clearly what its purpose is.

6. Data Controller’s logs

  1. Data concerning user behaviour on the website may be logged. These data are used for website administration purposes.

7. Significant marketing techniques

  1. The Operator carries out a statistical analysis of website traffic using Google Analytics (Google Inc. with registered office in the USA). The Operator doesn’t transmit personal data but only sends anonymous information to the provider of this service. The service relies on the use of cookie files on the end device of a user. As far as information user preference information collected by a Google ad network is concerned, the user may view and edit information resulting from cookie files using the tool available at https://www.google.com/ads/preferences

8. Cookie files

  1. The website uses cookie files.
  2. Cookie files are IT data, in particular text files, which are stored on the end device of a website user and are designed to facilitate the use of the website. Cookie files usually store the name of the website from which they originate, time of storage on the end device, and a unique ID.
  3. Cookies are created on the end device of the website user and accessed by the website operator.
  4. Cookie files are used for the following purposes:
  • maintaining a session of a website user (after logging in); thanks to this, the user does not have to type in their login details and password on each sub-page;
  • achievement of the purposes defined above, in the section “Significant marketing techniques”;
  1. The website uses two main types of cookie files: session cookies and persistent cookies. Session cookies are temporary files which are stored on a user’s end device until they log out, leave a website or stop using software (close an online browser). Persistent cookie files are stored on a user’s end device for the time defined in their parametres or until they are removed by the user.
  2. By default, a web browser allows for storing cookie files on the end device of a user. Website users may change the relevant settings. A web browser makes it possible to remove cookie files. It is also possible to automatically block cookie files. Detailed information can be found in the support section or in the documentation of a web browser.
  3. Restricting the use of cookie files may have an effect on some functionalities of the website.
  4. Cookie files stored on the end device of a website user may also be used by entities cooperating with the website operator, including in particular: Google (Google Inc. with its registered office in the USA), Facebook (Facebook Inc with its registered office in the USA), Twitter (Twitter Inc. with its registered office in the USA).

9. Cookie files management – how to give and withdraw consent?

  1. If a user doesn’t want to allow cookie files, they may change the browser settings appropriately. Be aware that disabling cookies which are necessary for the authentication, security and maintenance of user preferences may make the use of websites more difficult or even impossible.
  2. To manage your cookie file settings, choose the web browser from the list below and follow the instructions:

For mobile devices: