General information. This policy applies to the Website operating at the following URL: bodyspace.eu. The operator of the Website and the controller of personal data is: Body Space Spółka z ograniczoną odpowiedzialnością (Body Space Limited Liability Company) Podleska 51, 43-190 Mikołów, Poland Operator’s contact e-mail address: mateusz@bodyspace.eu The Operator is the Controller of your personal data with respect to data provided voluntarily on the Website. The Website uses personal data for the following purposes: Handling inquiries submitted via contact forms; Fulfilment of ordered services. The Website collects information about users and their behaviour in the following ways: By means of data voluntarily entered in forms, which are entered into the Operator’s systems; By storing cookies on end-user devices.
Selected data protection methods applied by the Operator Login pages and data-entry pages are protected at the transport layer (SSL certificate). As a result, personal data and login credentials entered on the site are encrypted on the user’s computer and can be read only on the destination server. Personal data stored in the database are encrypted in such a way that only the Operator in possession of the key can read them. This protects the data in the event of database exfiltration from the server. The Website uses two-factor authentication as an additional measure to protect access to the Website. The Operator periodically changes its administrative passwords. To protect data, the Operator regularly performs backups. An important element of data protection is the regular updating of all software used by the Operator to process personal data, in particular regular updates of software components.
Hosting The Website is hosted (technically maintained) on the Operator’s servers: OVH. The hosting company, in order to ensure technical reliability, maintains server-level logs. The following may be logged: resources identified by URL (addresses of requested resources — pages, files); time the request was received; time the response was sent; client workstation name — identification performed by the HTTP protocol; information about errors that occurred during HTTP transactions; the URL of the page previously visited by the user (referer link) — when the visit to the Website resulted from a link; information about the user’s browser; information about the IP address; diagnostic information related to the process of self-ordering services via registrars on the site; information related to handling email sent to and sent by the Operator.
Your rights and additional information on how data are used In certain situations the Controller has the right to disclose your personal data to other recipients if this is necessary to perform a contract concluded with you or to fulfil obligations incumbent on the Controller. This applies to the following groups of recipients: the hosting company (on the basis of a data processing agreement); authorised employees and collaborators who use the data in order to carry out the Website’s activities; companies providing marketing services to the Controller. The Controller will not process your personal data for longer than is necessary to carry out the activities associated with them as required by separate regulations (e.g. accounting rules). With respect to marketing data, data will not be processed for longer than 3 years. You have the right to request from the Controller: access to your personal data; rectification of your personal data; erasure of your personal data; restriction of processing; data portability. You have the right to object to processing indicated in point 3.2 with respect to processing of personal data for the purposes of the Controller’s legitimate interests, including profiling, provided that the right to object cannot be exercised where there are overriding legally justified grounds for processing that prevail over your interests, rights and freedoms, in particular for establishing, pursuing or defending legal claims. You have the right to lodge a complaint with the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych), ul. Stawki 2, 00-193 Warsaw. Providing personal data is voluntary but necessary for the operation of the Website. Automated decision-making, including profiling, may be carried out in relation to you for the purpose of providing services under the concluded contract and for the Controller’s direct marketing. Personal data are transferred to third countries within the meaning of data protection regulations. This means that we transmit them outside the territory of the European Union.
Information in forms The Website collects information provided voluntarily by the user, including personal data if they are submitted. The Website may record connection parameters (timestamp, IP address). In some cases, the Website may record information that facilitates linking data in the form with the e-mail address of the user who completed the form. In such cases the user’s e-mail address may appear inside the URL of the page containing the form. Data provided in a form are processed for the purpose arising from the function of the given form, e.g. to process a service request, business contact, registration of services, etc. Each form’s context and description clearly inform what it is used for.
Administrator’s logs Information about users’ behaviour on the Website may be logged. These data are used for the administration of the Website.
Significant marketing techniques The Operator uses statistical analysis of traffic on the site via Google Analytics (Google Inc., based in the USA). The Operator does not provide personal data to the operator of this service, only anonymised information. The service relies on the use of cookies on the user’s end device. Regarding information about user preferences collected by Google’s advertising network, the user may view and edit information resulting from cookies using the tool at: https://www.google.com/ads/preferences/ The Operator uses remarketing techniques that allow advertising messages to be tailored to user behaviour on the site. This may create the impression that a user’s personal data are used to track them; in practice no personal data from the Operator are transferred to advertising operators. The technological condition for such activities is that cookies are enabled. The Operator uses the Facebook pixel. This technology causes the Facebook service (Facebook Inc., based in the USA) to know that a person registered there visited the Website. It is based on data for which Facebook itself is the controller; the Operator does not transmit any additional personal data to Facebook. The service relies on cookies on the user’s end device. The Operator uses solutions automating the Website’s actions with respect to users, e.g. sending an e-mail to a user after visiting a specific subpage, provided the user has consented to receive commercial correspondence from the Operator.
Information about cookies The Website uses cookies. Cookies are information technology data, in particular text files, that are stored on the end device of the Website User and are intended for use with the Website. Cookies usually contain the name of the website they come from, the time they are stored on the end device and a unique number. The entity placing cookies on the Website User’s end device and having access to them is the Operator of the Website. Cookies are used for the following purposes: maintaining the user’s session on the Website (after logging in), so the user does not have to re-enter their login and password on each page; performing the purposes set out above in the “Significant marketing techniques” section. Two main types of cookies are used on the Website: “session” cookies and “persistent” cookies. Session cookies are temporary files stored on the user’s end device until logout, leaving the Website, or closing the browser. Persistent cookies are stored on the user’s end device for the period specified in the cookie parameters or until they are deleted by the user. Web browser software usually allows cookies to be stored by default. Website Users may change these settings. Browsers allow the deletion of cookies. It is also possible to block cookies automatically. Detailed information about this is available in the browser’s help or documentation. Restrictions on the use of cookies may affect some functionalities available on the Website. Cookies placed on the user’s end device may also be used by entities cooperating with the Operator, in particular: Google (Google Inc., based in the USA), Facebook (Facebook Inc., based in the USA), Twitter (Twitter Inc., based in the USA).
Managing cookies — how to give and withdraw consent in practice? If the user does not want to receive cookies, they may change their browser settings. Please note that disabling cookies necessary for authentication, security, and maintaining user preferences may hinder, and in extreme cases may make impossible, the use of the Website. To manage cookie settings, choose from the list below the browser you use and follow the instructions: Edge, Internet Explorer, Chrome, Safari, Firefox, Opera Mobile devices: Android, Safari (iOS), Windows Phone
This privacy policy template was generated free of charge for informational purposes based on our knowledge, industry practice and the law in force on 2018-08-14. We recommend reviewing the template before using it on your Website. The template is based on the most common situations found on websites but may not reflect the full and exact specifics of your Website. Read the generated document carefully and, if necessary, adapt it to your situation or seek legal advice. We accept no responsibility for the effects of using this document, because only you are in a position to confirm whether all information contained in it is true. Also note that the Privacy Policy, even when well drafted, is only one element of your care for personal data and user privacy on the Website.
