Privacy Policy, GDPR, and Cookie Usage
§ 1. General Provisions
- The privacy policy and cookie usage on the website healthytouch.pl (hereinafter referred to as “Policy”) have been created and adopted by Puzzle Studio / Healthy Touch Oleh Kazymyrchuk.
- The terms used in the Policy mean:
- Website: the website healthytouch.pl;
- User: an entity using the publicly available Website;
- Owner: Puzzle Studio / Healthy Touch Oleh Kazymyrchuk, Grunwaldzka 1/11, 35-068 Rzeszów, NIP: 5170393863
- Cookies: text files sent by the Website and stored on the User’s end device, from which the User uses while browsing websites. Files contain information necessary for the proper functioning of the Website. Cookies usually include the domain name of the website, the time they are stored on the end device, and a number;
- The purpose of the Policy is, in particular:
- to provide Users with information regarding the use of Cookies on the Website, as required by the law, including the Telecommunications Law;
- to ensure Users’ privacy protection in accordance with the standards and requirements specified in applicable legal regulations.
- The Owner limits the collection and use of information about Users to the necessary minimum required to provide services to them.
- To gain full access to the content and services offered by the Owner through the Website, it is advisable to accept the principles arising from the Policy. Acceptance can be made through the settings of the software installed on the User’s device or service configuration.
- The following laws apply, among others:
- the Telecommunications Law of July 16, 2004 (Journal of Laws 2017.1907 as amended);
- the Act of July 18, 2002, on the provision of electronic services (Journal of Laws 2017.1219 as amended);
- Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119 of 4.5.2016) together with Polish regulations on personal data protection.
- Act of May 10, 2018, on the protection of personal data (Journal of Laws 2019 item 1781 as amended).
§ 2. Privacy and Personal Data Protection
User data is processed by the Owner in accordance with the law. Personal data obtained by the Owner is processed based on the User’s consent or the occurrence of another legal basis for data processing according to the regulations, especially the Regulation.
- The Owner takes special care to protect the interests of individuals whose data is concerned, ensuring that such data is:
- processed lawfully, fairly, and transparently to Customers and other individuals whose data is concerned;
- collected for specific, explicit, and legally justified purposes and not further processed in a manner incompatible with those purposes;
- adequate, relevant, and limited to what is necessary for the purposes for which it is processed;
- accurate and, if necessary, kept up to date;
- stored in a form that allows the identification of the person to whom the data relates, for a period no longer than necessary for the purposes for which the data is processed;
- processed in a way that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage, using appropriate technical or organizational measures.
- The Owner employs appropriate technical and organizational measures to ensure the protection of processed personal data appropriate to the nature, scope, context, and purposes of processing, as well as the risk of violation of the rights or freedoms of individuals.
- The Owner strives for the systematic improvement of the applied IT, technical, and organizational means of protecting this data, particularly by ensuring updates to IT security measures to guard against viruses, unauthorized access, and other threats arising from the functioning of the IT system and telecommunication networks.
- The Owner may process, among other things, the following customer personal data necessary for initiating, shaping the content of, changing, or terminating an agreement:
- customer’s surname and first name(s);
- permanent address;
- mailing address if different from the permanent address;
- the right to object to processing or to limit processing;
- customer’s email addresses;
- phone number;
- With the customer’s consent and for advertising, market research, and analysis of customer behavior and preferences to improve the quality of services provided by the Owner, the Owner may process other customer data that is not necessary for the provision of electronic services.
- Each User who has provided their data to the Owner in any way is provided access to the data and the exercise of other rights of individuals whose data is concerned, in accordance with applicable laws. These rights include:
- the right to withdraw consent regarding the processing of personal data;
- the right to information about their personal data;
- the right to control data processing, including its completion, updating, correction, deletion;
- the right to object to processing or to limit processing;
- the right to lodge a complaint with the supervisory authority and to use other legal remedies to protect their rights.
- The Owner may process personal data in an automated manner, including profiling, based on the rules arising from the Regulation. In such a case, the Owner’s actions are aimed at marketing goals or the need for personalizing messages sent to Users (including adapting information to the needs or expectations of the User). The User has the right to object to such processing of their data, and this objection can be expressed by sending a message to the Owner.
- A person with access to personal data processes it solely on the authorization of the Owner or a data processing agreement and only on the Owner’s instructions.
- In connection with the operation of the Service, the Owner uses the services of other entities, including to fulfill the agreement with the User. User personal data may be transferred to:
- hosting company,
- software provider for the Service,
- internet service providers,
- companies providing courier or postal services,
- electronic payment platform providers,
- software providers for invoicing,
- entities providing accounting services,
- providers of marketing or advertising services.
§ 3. Cookies
- Cookies identify the User, allowing the adaptation of the content of the website they are using to their needs. By remembering their preferences, Cookies enable the proper customization of content, including advertisements directed at them. The Owner uses Cookies to ensure the appropriate standard of comfort of the Service, and the collected data is used solely within the company for optimization purposes.
- Cookies are used for:
- adapting the content of the Service to the User’s preferences;
- optimizing the use of the Service, especially by recognizing the User’s end device,
- creating statistics,
- maintaining the User’s session,
- delivering advertising content to the User.
- The Owner processes statistical information regarding the use of the Service, including session information, IP address, the amount of time spent on individual pages and subpages, the use of specific service functionalities, and information about the device and web browser. These data are processed in accordance with Article 6(1)(f) of the Regulation, in the legitimate interest of the administrator, which involves facilitating the use of the Service, improving the quality and functionality of the services provided. The processing of this data does not infringe on the rights and freedoms of Users. Information about Users is not used for any additional purposes.
- These data are processed as part of the Owner’s ongoing activities, but no longer than 60 days from the receipt of information. After this period, the Owner may continue to process general statistical data that will be devoid of any information regarding individual Users.
- It should be noted that in some cases, the software installed by the User on their end device, used for browsing websites (e.g., a web browser), automatically stores Cookies on the User’s end device. Users can change Cookie settings at any time. These settings can be changed, among other things, to block automatic Cookie settings or to be informed about their placement on the User’s end device each time. Detailed information in this regard is available in the software settings and instructions (web browser).
- The User has the option to disable or restore the option of collecting Cookies by changing the settings of their device and web browser regarding the use of Cookies or other similar technologies.
- Changing the settings constitutes an objection, which may cause difficulties in using the Service in the future. Completely disabling the option to accept Cookies will not mean the inability to browse the content posted on the Service, except for those that require logging in.
- Failure to change the settings means that data will be placed on the User’s end device (using the Service will automatically place Cookies on the User’s end device).
- Cookies are stored on User devices for no longer than 12 months.
- The stored data placed on the User’s end device does not cause any configuration changes to the User’s end device or the software installed on it.
- Information about Cookies also applies to other similar technologies used within the Service.
§ 4. Complaints
- Complaints can be submitted to the Owner electronically at the address yana@healthytouch.com.
- There is the possibility of using out-of-court methods of complaint resolution and claims enforcement in legal relationships with Consumers, including:
- the possibility of resolving disputes electronically using the Online Dispute Resolution (ODR) platform, available at https://ec.europa.eu/consumers/odr/main/index.cfm?event=main.home2.show&lng=PL;
- the possibility of conducting out-of-court proceedings before a common court or other authorities.
- The Owner undertakes to consider the complaint within 14 days.
- If the complaint is accepted, the Owner will take appropriate actions.
- In order to process complaints, the Owner processes the personal data of Users submitting complaints, especially email address, first name, last name, the content of the complaint, circumstances of the incident that is the cause of the complaint, information obtained during the consideration of the complaint, including clarifying the incident that is its cause. In the course of processing complaints, the Owner may process a variety of other information, including information about the User’s use of the Services, cookies or other similar technologies, and information about devices. This data is processed in accordance with Article 6(1)(b) of the Regulation for the purpose of handling complaints and is processed for the time necessary to consider the complaint and, after the end of the complaint procedure, for archiving purposes in accordance with the Accounting Act if necessary to defend against any claims against the service provider.
- In the case of conducting explanatory proceedings regarding a possible violation of the provisions of the Regulations, Policy, or legal regulations, rules of social coexistence, or good manners, the Owner may process the personal data of the User until the end of the ongoing proceedings and until the expiration of the limitation period for claims, which is usually 3 years but may be longer in special cases provided for by law. This data will then be processed, including disclosed, in accordance with Article 6(1)(f) of the Regulation, i.e., in the legitimate interest of the administrator consisting in pursuing its claims against the User. The legitimate interest of the administrator will then be the overriding objective in relation to the rights and freedoms of the User.
§ 5. Final Provisions
- The Policy was adopted by order of the Owner and comes into effect on January 1, 2021. Changes to the content of the Policy may be made in the same manner.
- Any deviations from the Policy require written form under the penalty of invalidity.
- The law applicable to the Policy is the law of the Republic of Poland.
- Matters not regulated in the Policy are subject to the relevant provisions of the law.