§1 DEFINITIONS
For the purposes of this document, the meaning of the following terms is established:
1. Administrator – personal data administrator,
2. User – any person who directly or indirectly uses the Administrator’s services,
3. Personal Data – any information relating to an identified or identifiable natural person,
4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (general regulation on data protection) (Journal of Laws of the European Union of 2016 No. 119, p. 1), introduced into the Polish legal system – by the Act of May 24, 2018 on the protection of personal data (Journal of Laws of 2018 , item 1000),
5. Privacy Policy – the document in question placed on the website: https://kaktus.studio/en/privacy-policy,
6. Website – https://kaktus.studio.
§2 BASIC INFORMATION
1. The administrator of personal data is Sulika Frankiewicz, running a business under the name QUANTUS Sulika Frankiewicz with its registered office in Niepołomice (address: 2f Prosta street, 32-005 Niepołomice, Poland), NIP: PL5992764794, e-mail: kaktus@kaktus.studio.
2. The administrator may process personal data of persons under the age of 16, provided that the legal guardian (eg parent) of such person agrees (Article 8 of the GDPR).
3. If the User does not agree with the Privacy Policy, and in particular does not consent to the processing of his personal data, he should immediately report it to the Administrator.
4. The Administrator informs that at any time he may change the provisions of the Privacy Policy in order to adapt it to the currently applicable regulations and the Administrator’s current activity.
5. The current content of the Privacy Policy is available at: https://kaktus.studio/en/privacy-policy.
§3 OBJECTIVES AND BASIS FOR PROCESSING OF PERSONAL DATA
1. The Administrator processes Personal Data based on the following provisions:
- art. 6 sec. 1 lit. a GDPR (consent expressed by the data owner),
- art. 6 sec. 1 lit. b (in order to prepare and perform a contract or order),
- art. 6 sec. 1 lit. c (fulfillment of the legal obligation imposed on the Administrator),
- art. 6 sec. 1 lit. f (legitimate interest of the Administrator).
2. Administrator. respects the right to privacy and takes care of data security, through, inter alia, secure communication encryption protocol (SSL).
3. Users’ personal data are processed:
- in accordance with the provisions on the protection of personal data,
- in accordance with the implemented Privacy Policy,
- to the extent and for the purpose necessary to establish contact with Users, prepare a contract to commission services to the Administrator, implement or amend the concluded contract between the User and the Administrator, terminate the contract or correctly perform the contract,
- to the extent and for the purpose necessary to fulfill legitimate interests (legitimate purposes), and the processing does not violate the rights and freedoms of the data subject, however, for the purpose and scope of the consent expressed by the User,
- in terms of the image of the Users – in order to advertise and present the Administrator’s work as well as prepare and present the portfolio,
- collected for specified, lawful purposes and not subjected to further processing inconsistent with these purposes,
- factually correct and adequate in relation to the purposes for which they are processed and stored in a form that allows the identification of persons to whom they relate, no longer than it is necessary to achieve the purpose of processing,
- collected and processed on the basis of “minimization”, i.e. the Administrator processes only the amount of Users’ Personal Data that is necessary to achieve the intended purpose.
4. Personal data processed by the Administrator are:
- in the scope of Users with whom the Administrator has concluded a contract and acts on their behalf – name and surname, address, e-mail address, telephone number, correspondence address, NIP (in the case of issuing an invoice), image,
- in the scope of Users with whom the Administrator has not concluded a contract and does not act on their behalf – name and surname, address, e-mail address, telephone number, correspondence address, image (the amount of data processed will depend on the reason for contact with such User and at the same time will be minimized).
5. Personal data processed by the Administrator will be kept for the period of:
- necessary for the execution of the order,
- pursuing possible claims,
- resulting from legal regulations, in particular tax and accounting,
- preventing abuse and fraud,
- statistical and archiving,
- portfolio presentation and posting of photos on websites.
6. The user has the right to access his data, rectify, delete or limit processing, the right to object, the right to lodge a complaint to the supervisory body.
7. The administrator informs that he has the right to process the User’s data also after the termination of the contract or withdrawal of consent to processing, only to the extent provided for by law and for the purpose of pursuing any claims.
8. The Administrator has the right and at the same time a legal obligation to disclose the User’s Personal Data at the request of entities authorized under the relevant provisions (eg courts, police, prosecutor’s office).
9. Deletion of Personal Data may take place as a result of the User’s statement regarding the withdrawal of consent or filing a legally admissible objection to the processing of Personal Data or on its own initiative by the Data Administrator, in a situation where it considers that there is no need or obligation to further process the User’s personal data.
10. In the scope of the User’s application for the removal of photos with the User’s image, it is necessary to declare the User together with the exact numbers of the photos and the place of their publication.
11. The Administrator will not disclose Users’ Personal Data to third parties, except for those indicated in the document in question and resulting from legal provisions.
12. Personal data is processed only by the Administrator and persons authorized by the Administrator (cooperating with the Administrator).
13. Each time the provision of personal data is voluntary, but it may be necessary to contact the Administrator with the User and, consequently, to perform the contract.
§4 COOKIE FILES
1. The Administrator’s website uses cookies (small text files sent by the website and stored by the browser software of a given device.
2. The Administrator uses cookies for functional, analytical or advertising purposes.
3. The collected information relates to the IP address, type of browser used, language, type of operating system, Internet service provider, information about time and date and location.
4. The collected data is used to:
- monitoring and checking how Users use the Administrator’s website, which allows for a better experience of using the website (e.g. streaming the Vimeo player from a server located closer to the User),
- statistical purposes (Google Analitycs) that allow for better adjustment of the content to the Users,
- advertising purposes (Facebook Pixel), which can allow you to personalize the goals of advertising campaigns on Facebook.
5. The user may at any time disable or restore the option of collecting cookies by changing the settings in the web browser.
6. Using the website and viewing its content does not require providing any personal data.
7. Cookies used: .kaktus.studio, .facebook.com, .vimeo.com, .akamaized.net.
§5 COOPERATION
1. The Administrator does not disclose the User’s Personal Data to other entities, subject to the methods and entities indicated in the document in question.
2. Personal data is made available to: entities and subcontractors providing legal, IT and accounting, photographic and film services for the purpose of servicing the Administrator.
3. The Administrator makes every effort to ensure that all entities entrusted with the processing of personal data by the Administrator guarantee the application of appropriate measures for the protection and security of personal data required by law.
4. The administrator informs that for statistical purposes he uses the Google Analytics tracking code.
§6 COPYRIGHT
1. The photo and video material posted on the website is the sole property of the Administrator and is protected under the Act of February 4, 1994 on copyright and related rights (Journal of Laws of 1994, No. 24, item 83, as amended). Copying and disseminating materials posted on the Administrator’s website and in the Administrator’s social media, without the Administrator’s express consent, is prohibited.
§7 INFORMATION OBLIGATION
By fulfilling the information obligation resulting from the GDPR, the Administrator informs that:
1. The administrator of personal data is Sulika Frankiewicz, running a business under the name QUANTUS Sulika Frankiewicz with its registered office in Niepołomice (address: Prosta 2f, 32-005 Niepołomice), NIP: 5992764794, e-mail: kaktus@kaktus.studio.
2. Personal data is processed on the basis of the provisions of art. 6 sec. 1 lit. b) GDPR, i.e. when this processing is necessary for the performance of the contract or taking steps prior to the conclusion of the contract, as well as for accounting purposes (data stored due to the 5-year legal obligation to have accounting documentation legal basis Article 74 of the Act of September 29, 1994 on accounting (Article 6 (1) (c) of the GDPR).
3. The provided personal data will be stored for the period of activities prior to the conclusion of the contract, for the duration of the contract for the provision of a given service and the period of data processing for accounting purposes.
4. Providing personal data is voluntary, but necessary for the Administrator to provide services (ie necessary to conclude and perform contracts for the provision of these services).
5. Personal data in connection with the conclusion and performance of the contract for a given service will not be profiled.
6. Every person, to the extent resulting from the provisions of law, has the following rights:
- the right to access and correct data (Article 15 of the GDPR),
- the right to request the deletion of data (“the right to be forgotten”) (Article 17 of the GDPR),
- the right to limit processing (Article 18 of the GDPR),
- the right to transfer data (Article 20 of the GDPR),
- the right to object to the processing of your personal data (Article 21 of the GDPR),
- the right to lodge a complaint with the supervisory authority (the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw).