I. BASIC TERMS Administrator - KUBU WELLNESS COMPANY JOANNA SZERASZEWICZ-KUCHARSKA e-mail address:hottubs@kubu-wellness.com
User - any natural person whose personal data is processed by the Administrator,
Personal data - all information about a natural person identified or identifiable by one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity, as well as device IP, location data, internet identifier and information collected using via cookies and other similar technology.
GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and the repeal of Directive 95/46 / EC.
Website - an IT solution located at the Internet address https://kubu-wellness.com, which includes, among others a complex of services provided electronically to Users.
Processing of personal data - any operations performed on personal data, such as collecting, recording, storing, developing, changing, sharing and deleting, especially those performed in IT systems.
Breach of personal data protection - a breach of security leading to accidental or unlawful destruction, loss, modification, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise processed.
II. PROCESSING OF PERSONAL DATA AND INFORMATION ON FORMS
1. The personal data of the Website Users may be processed by the Data Administrator in the case of:
a) when the Website User consents to it in the forms posted on the Website, in order to take actions to which these forms relate (Article 6 (1) (a) of the GDPR);
b) when processing is necessary to perform a contract to which the Website User is a party (Article 6 (1) (b) of the GDPR);
c) in order to handle complaints - the legal basis for processing is the necessity of processing to perform the contract (Article 6 (1) (b) of the GDPR);
d) in order to fulfill the legal obligation incumbent on the Administrator (Article 6 (1) (c);
e) in order to possibly establish and pursue claims or defend against them - the legal basis for processing is the Controller's legitimate interest in protecting his rights (Article 6 (1) (f) of the GDPR);
f) for the Administrator's marketing purposes, consisting in informing the User about the current offer and new functionalities of the Website - the legal basis for processing is consent (Article 6 (1) (a) of the GDPR).
2. The Administrator processes the personal data of the Website Users to the extent necessary for the purposes set out in point 1 above and for the period necessary to achieve these purposes, or until the Website User withdraws their consent. Failure to provide data by the Website User may, in some situations, result in the inability to achieve the purposes for which the provision of data is necessary.
3. The Administrator may send commercial electronic letters, provided that the Website User has agreed to it.
4. The administrator uses technical and organizational measures to protect the personal data being processed.
5. The following personal data of the Website User may be collected using the forms available on the Website or in order to perform contracts that may be concluded on the Website: name, surname, e-mail address, telephone number.
6. The data contained in the forms, provided to the Administrator by the Website User, may be transferred by the Administrator to third parties cooperating with the Administrator in connection with the implementation of the goals set out in point 1 by the Administrator.
7. A third party with access to personal data processes them only on the basis of a contract for entrusting the processing of personal data and only at the request of the Administrator.
8. The data provided in the forms on the Website are processed for purposes resulting from the function of a specific form, and may also be used by the Administrator for archival and statistical purposes. The consent of the data subject is expressed by checking the appropriate window in the form.
9.The Website User, if the Website provides for it, by checking the appropriate window in the registration form, may refuse or consent to receive commercial information via electronic means of communication, in accordance with the Act of July 18, 2002 on the provision of services by electronic (Journal of Laws of 2002, No. 144, item 1024, as amended). If the Website User has consented to receive commercial information by means of electronic communication, he has the right to withdraw such consent at any time. The right to withdraw consent to receive commercial information is carried out by sending an appropriate request by e-mail to the Administrator's address, in particular by clicking on the deactivation link included in each e-mail sent to the User as part of this service.
10. The Administrator processes the personal data of Users visiting the Administrator's profiles in social media (Facebook, Instagram, YouTube, Twitter, Google+, Linkedin). These data are processed in order to inform Users about the Administrator's activity, offering services, and to communicate with Users via the tools available on social media. The legal basis for the processing of personal data for this purpose is the Controller's legitimate interest (Article 6 (1) (f) of the GDPR) consisting in promoting its own brand and offered services as well as building and maintaining a brand-related community.
11. As part of the Website, the Administrator may automatically adjust certain content to the User's needs, ie perform profiling, using the personal data provided by him. This profiling consists primarily in the automatic assessment of what products he may be interested in, based on his previous activities on the Internet, including on the Administrator's websites, and displaying product advertisements profiled in this way. Profiling performed by the Administrator does not result in making decisions that cause legal effects for the User or affect him in a similarly significant way.
III. USERS 'RIGHTS
Pursuant to Art. 15 - 22 GDPR, everyone whose data is processed has the following rights:
1. The right to information about the processing of personal data - the person making such a request, the Administrator provides information on the processing of personal data, about the purposes and legal grounds for processing, the scope of data held, entities to whom personal data are disclosed and the planned date of their removal;
2. The right to obtain a copy of the data - the Administrator provides a copy of the processed data concerning the person submitting the request, as long as it is possible and does not infringe the rights of third parties;
3. The right to rectify - the User has the right to submit a request for the removal of inconsistencies or errors regarding the personal data being processed, and to supplement or update them if they are incomplete or have changed;
4. The right to delete data - the User may request the deletion of data, the processing of which is no longer necessary to achieve any of the purposes for which it was collected;
5.The right to limit processing - on this basis, the Administrator may cease operations on personal data, with the exception of operations for which the data subject has consented and their storage, in accordance with the adopted retention rules, or until the reasons for limiting data processing cease to exist. (e.g. a decision of the supervisory authority will be issued, allowing for further data processing);
6. The right to transfer data - on this basis, to the extent that the data is processed in connection with the concluded contract or consent, the Administrator may issue data provided by the data subject;
7. The right to object to the processing of data for marketing purposes - the data subject may at any time object to the processing of personal data for marketing purposes, without the need to justify such objection;
8. The right to object to other purposes of data processing - the data subject may object to the processing of personal data at any time. The objection in this respect should contain a justification and is subject to the Administrator's assessment;
9. The right to withdraw consent - if the data is processed on the basis of consent, the data subject has the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before the consent was withdrawn;
10. Right to a complaint - if it is found that the processing of personal data violates the provisions of the GDPR or other provisions on the protection of personal data, the data subject may submit a complaint to the supervisory body - the President of the Office for Personal Data Protection (https: // uodo. gov.pl/pl/p/kontakt).
An application regarding the exercise of the rights of data subjects may be submitted:
- By e-mail to the following address: hottubs@kubu-wellness.com
- The answer to the application will be given within one month of its receipt. If it is necessary to extend this period, the Administrator will inform the applicant about the reasons for such extension.
- The answer will be given to the e-mail address from which the application was sent, and in the case of applications sent by letter, by registered mail to the address indicated by the applicant, unless the content of the letter indicates a desire to receive feedback to the e-mail address (in this case, please provide e-mail adress).
IV. COOKIES AND SIMILAR TECHNOLOGY
1. The website uses cookies.
2. Cookie files (so-called "cookies") are IT data, in particular text files, which are stored on the Website User's end device and are intended for the use of the Website's pages. Cookies usually contain the name of the website they come from, the storage time on the end device and a unique number.
3. Cookies are used, among others for the purposes of:
a) creating statistics that help to understand how Website Users use websites;
b) maintaining the Website user's session, thanks to which the User does not have to re-enter the login and password on each subpage of the website;
c) determining the user's profile in order to display him matched materials in advertising networks, in particular the Google network.
4. The Website uses two basic types of cookies: session cookies and persistent cookies. Session cookies are temporary files that are stored on the User's end device until logging out, leaving the website or turning off the software (web browser). Persistent cookies are stored on the User's end device for the time specified in the cookie file parameters or until they are deleted by the User.
5. Software for browsing websites (web browser) usually allows cookies to be stored on the User's end device by default. Website Users can change the settings in this regard. The web browser allows you to delete cookies. It is also possible to automatically block cookies.Detailed information on this subject can be found in the help or documentation of the web browser.
6. The administrator uses the services of third parties, the list of which is constantly changing, and which may use cookies, including for the following purposes:
- monitoring traffic on the Administrator's websites;
-collecting anonymous, aggregate statistics that allow to understand how Users use the Administrator's website,
- controlling how often the selected content is shown to users;
- controlling how often users choose a given service;
-searching for subscriptions to newsletters;
-using a communication tool;
-integration with the community portal;
- internet payments.
8. The User may manage cookies used by the Administrator or by any other external suppliers by changing the settings of his web browser.
V. SERVER LOGS
1. Using the website involves sending queries to the server on which the website is stored. Each query directed to the server is saved in the server logs.
2. Logs include User's IP address, server date and time, information about the web browser and operating system he uses. Logs are saved and stored on the server.
3. The data stored in the server logs are not associated with specific people using the website and are not used by the Administrator to identify the User.
4. The server logs are only auxiliary material used to administer the website, and their content is not disclosed to anyone except those authorized to administer the server.
V. FINAL PROVISIONS.
1. The privacy policy is verified on an ongoing basis and updated if necessary.
2. The privacy policy is valid from 01/01/2022.