Privacy policy

socialCAPI.com website

Definitions

Administrator – PIOTR LITWA WEB ANALYST SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with registered office in Gliwice, ul. plebiscytowa 1 / 121, 44-100 Gliwice, KRS: 0001002753, NIP: 6312709007, REGON: 52369233200000, e-mail: iodo@socialcapi.com, phone number: 514 238 897.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Service – service operated by the Administrator at: piotrlitwa.pl

User – any natural person visiting the Service or using one or more services or functionalities described in the Policy.

Data processing

In connection with the User’s use of the Service, the Administrator collects data to the extent necessary to provide individual services. Below are described detailed principles and purposes of processing personal data collected during the User’s use of the Service.

Purposes and legal bases for data processing

Personal data of all Users using the Service (including IP address or other identifiers and information collected through cookies), are processed by the Administrator:

for the purpose of providing electronic services in the scope of making content collected in the Service available to Users – in which case the legal basis for processing is the necessity of processing for the performance of a contract (Article 6(1)(b) GDPR);

for analytical and statistical purposes – in which case the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) GDPR) consisting in conducting analyses of Users’ activity, as well as their preferences in order to improve the applied functionalities and provided services;

for the purpose of possible establishment and pursuit of claims or defense against them – the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) GDPR) consisting in the protection of his rights;

User activity in the Service, including his personal data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and actions concerning the IT system used to provide services by the Administrator). Information collected in logs is processed primarily for purposes related to service provision. The Administrator also processes them for technical, administrative purposes, for ensuring the security of the IT system and managing this system, as well as for analytical and statistical purposes – in this scope, the legal basis for processing is the legally justified interest of the Administrator (Article 6(1)(f) GDPR). The Administrator may make automated decisions regarding data provided by the User, for remarketing and profiling purposes – in this scope, the legal basis for processing is the legally justified interest of the Administrator (Article 6(1)(f) GDPR), while the User has the right to object to the processing of their data in this scope.

Cookies

The Administrator’s Service uses “cookies”. Failure to change settings on the User’s side is equivalent to giving consent to their use. Cookies are short text information saved on a computer, phone, tablet, or other user device. They can be read by the Administrator, as well as by systems belonging to other entities whose services are used (such as Google). Cookies usually contain the name of the website they come from, the time of their storage on the end device, and a unique number. More information about cookies can be obtained at www.allaboutcookies.org.

Cookies used in the service do not store personal data or other information collected from the User. The Service uses cookies to identify the browser session, which enables the use of service functions. The use of “cookies” techniques does not allow downloading any personal and address data of the User or any confidential information from his computer.

Cookies are used for the following purposes: maintaining service security and preventing fraud, facilitating page performance, recording visits for marketing and statistical purposes, using social functions, supporting personalization of websites (e.g., saving language settings). Cookies may also be used and placed by partners cooperating with the Administrator – they are then subject to cookie policies or privacy policies of the entities placing them.

The Administrator reserves the right to use Google Tag Manager for marketing purposes. This involves the use of Google cookies, for example Google Ads codes.

The scope and purpose of data collection, as well as the contact path and implementation of rights or making settings ensuring privacy protection have been described in the privacy policy of individual service providers.

Typically, the web browser allows the use of cookies on the device by default. The Administrator informs that you can change settings in the web browser — completely block automatic handling of cookies or request notification about each placement of cookies on the device.

In case of using Google Chrome, the instruction can be found here – https://support.google.com/chrome/answer/95647?hl=en

In case of using Mozilla Firefox, the instruction can be found here – https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer

In case of using Safari, the instruction can be found here – https://support.apple.com/kb/ph21411?locale=pl_PL

In case of using Microsoft Edge, the instruction can be found here – https://docs.microsoft.com/en-us/microsoft-edge/devtools-guide/debugger/cookies

The Administrator feels obliged to warn that disabling or limiting the handling of cookies may cause difficulties in using the website and limit its functionality.

Login methods

In order to log into the User’s account, the Administrator enables the option of logging in through a Facebook or Google account. For this purpose, the User is transferred to a login window, where they use access data for the account of the selected platform, and after entering correct data, they are transferred to the account on the Administrator’s website. This function allows the Administrator to obtain User data from another digital service provider on which the User already has a verified account, without the need for separate registration. Data processing and their security procedure are carried out on the principles introduced by the administrators of platforms through which the User logs in.

The Administrator also introduces a two-factor authentication (2FA) method requiring two forms of identification to gain access to the account. Authentication takes place using an external application (authenticator), which the User should install on their device. To confirm their identity, the User should enter in the application a code generated on the Website, changing every minute. Two-factor authentication constitutes additional security of access to the User’s account against unauthorized persons.

User data processing

Within the EEA:

Within the Service, User data is processed by entities cooperating with the Administrator, which in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC are obliged to comply with high privacy standards analogous to those contained in the Policy.

For Hotjar Ltd (in connection with the use of the Hotjar tool) (main office address: Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta). Collected data enables analysis, and more information about the tool’s privacy standards is available at https://www.hotjar.com/legal/policies/privacy/

For ePrivacy Holding GmbH (in connection with the use of the Matomo tool) (EU representative address – Große Bleichen 21, 20354 Hamburg, Germany). Collected data enables analysis, and more information about the tool’s privacy standards is available at https://matomo.org/privacy-policy/

Outside the EEA:

Due to the fact that some entities cooperating with the Administrator have offices outside the European Union, and therefore in light of GDPR provisions are treated as so-called third countries. The Administrator ensures that data is transferred to entities from the United States that apply standard contractual clauses.

For Google Inc. (in connection with the use of Google Analytics, Google Ads, Google Tag Manager tools) (main office address: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Collected data prevents identification of a specific person, and more information about the tool’s privacy standards is available at www.google.com/intl/pl/policies/privacy/partners/. Additionally, using the following link: https://tools.google.com/dlpage/gaoptout there is a possibility to disable activity measured by Google Analytics.

For Facebook Inc. (main office address: Facebook Inc., 1601 S. California Ave. Palo Alto, CA 94304, USA) – Collected data, as a rule, prevents identification of a specific person, and more information about the tool’s privacy standards is available at https://www.facebook.com/about/privacy.

For Adobe (in connection with the use of Adobe Launch tool) (main office address: Adobe, 345 Park Avenue, San Jose, CA 95110-2704). Collected data enables further information transfer, and more information about the tool’s privacy standards is available at https://www.adobe.com/privacy/policy.html

For Stripe (in connection with payment system handling)

Thus, the above companies guarantee compliance with standards analogous to the Regulation in the field of personal data protection, and the Administrator’s use of their technologies in processing personal data is in accordance with the law.

Period of personal data processing

The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, data is processed for the duration of service provision or order fulfillment, until the withdrawal of given consent or reporting of effective objection to data processing in cases where the legal basis for data processing is the legitimate interest of the Administrator.

The data processing period may be extended in case processing is necessary to establish and pursue possible claims or defense against them, and after this time only in case and to the extent required by law provisions. After the processing period expires, data is irreversibly deleted or anonymized.

User rights

The User has the right to:

access to data content and request their correction,

data deletion,

restriction of processing,

right to data portability,

right to object to data processing,

right to file a complaint with the supervisory authority – President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw

To the extent that User data is processed based on consent, it can be withdrawn at any time by contacting the Administrator.

The User has the right to object to data processing for marketing purposes, if processing takes place in connection with the legitimate interest of the Administrator, as well as – for reasons related to the User’s particular situation in other cases when the legal basis for data processing is the legitimate interest of the Administrator (e.g., in connection with the implementation of analytical and statistical purposes).

Data recipients

In connection with service implementation, personal data will be disclosed to external entities, including in particular providers responsible for IT system handling and entities related to the Administrator.

In case of obtaining User consent, their data may also be made available to other entities or Administrator’s partners for their own purposes, including marketing purposes.

The Administrator reserves the right to disclose selected information about the User to appropriate authorities or third parties who request such information, based on an appropriate legal basis and in accordance with applicable law provisions.

Contact

Contact with the Administrator is possible at e-mail address: iodo@socialcapi.com or in writing to the Administrator’s registered office address.

Privacy Policy changes

The Policy is continuously verified and updated as needed. The current version of the Policy was adopted and is effective from 09.08.2024.