General Provisions

This Policy sets out the rules for processing personal data obtained through the Internet Platform (“Platform”) and in connection with the provision of services related to the Platform by the Administrator. Unless otherwise specified in this Policy, the terms defined in uppercase letters in the Terms and Conditions also apply to this Policy. The administrator of personal data within the meaning of the data protection regulations is Mateusz Tomaszewski (hereinafter referred to as the “Administrator”). The legal basis for the processing of personal data by the Administrator is: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC - General Data Protection Regulation (hereinafter referred to as the “Regulation” or “GDPR”). The Act of 10 May 2018 on the protection of personal data Journal of Laws 2019, item 1781 (hereinafter referred to as the “Act”). All matters related to the protection of personal data should be addressed directly to the Administrator via email at: yeyego.inspe@gmail.com. The Administrator takes special care to respect the privacy of the Administrator’s customers (hereinafter referred to as “Users”). The Administrator guarantees the confidentiality of all personal data provided and ensures the implementation of all security measures and the protection of personal data required by data protection regulations, including the Regulation and the Act. Personal data is collected with due care and properly protected against access by unauthorized persons. The Administrator does not make automated decisions in individual cases and does not use profiling of Users. The Administrator does not collect or process sensitive data, referred to in the Regulation as “special categories of personal data.” In case a User submits sensitive data, the Administrator will not process them and will immediately delete them.

User’s Rights

The Platform User has the following rights arising from the processing of their personal data: the right to request access to their personal data – the User has the right to confirm whether the Administrator processes their personal data, and if so, is entitled to access the data and receive information about the data, such as: the purpose of processing, categories of data, information about recipients or categories of recipients to whom the data has been or will be disclosed, the planned retention period for personal data, or the criteria for determining this period; this right also includes the right to receive a copy of the data free of charge (for any subsequent copies requested by the User, the Administrator may charge a reasonable fee based on administrative costs), the right to rectify personal data (when they are incorrect), including a request to supplement incomplete personal data, the right to erasure of personal data (the “right to be forgotten”) in the following circumstances: when the User’s personal data is no longer necessary for the purposes for which it was collected, the User withdraws consent to their processing, and there is no other legal basis for processing the data, the User objects to processing, personal data has been processed unlawfully, personal data must be deleted in order to comply with a legal obligation under Union or Member State law to which the Administrator is subject, personal data has been collected in connection with the offer of information society services, the right to restrict the processing of data when: the User questions the accuracy of personal data (for the period allowing the Administrator to verify the accuracy of this data), the processing is unlawful, and the User opposes the deletion of data, the Administrator no longer needs personal data for processing purposes, but they are necessary for the User to establish, assert, or defend claims, the User has objected to processing until it is determined whether the legal grounds on the part of the Administrator override the User’s objection, the right to object to processing when the User does not want the Administrator to process their personal data, the right to data portability, including receiving from the Administrator personal data provided by the User in a structured, commonly used, machine-readable format, and the right to request that the data be transmitted by the Administrator directly to another Administrator (where technically feasible), the right to withdraw consent to the processing of data at any time (however, withdrawing consent does not affect the legality of processing based on consent before its withdrawal), the right to lodge a complaint with the President of the Personal Data Protection Office if the User believes that the processing of personal data violates the provisions of the Regulation. For any questions related to the processing of personal data and to exercise the above rights, please contact the Administrator via email.

Recipients of Data

For the proper functioning of the Platform and the professional provision of its services, the Administrator needs to use the services of external entities. The Administrator only uses the services of entities that provide sufficient guarantees for the implementation of appropriate technical and organizational measures to ensure compliance with the Regulation and the protection of the rights of data subjects. The Administrator may use the following categories of recipients in particular: providers of accounting, legal, and advisory services (in particular accounting office, law firm, debt collection company), hosting service providers, cloud computing service providers, CRM system providers, invoice system providers, providers of technical, IT, and organizational solutions for the Administrator (in particular providers of computer software for operating the Platform and providing services, email service providers, and providers of company management software and technical support to the Administrator), other entities if the use of their services is necessary for the proper functioning of the Platform and the provision of services by the Administrator. All entities to which the Administrator entrusts the processing of personal data guarantee the use of appropriate measures to protect and secure personal data as required by law. Each of the data processors, in accordance with Article 28(3) of the Regulation, has signed a data processing agreement with the Administrator. The Administrator may be obliged to provide information collected by the Platform to authorized authorities based on legally compliant requests. If there is a legal basis for it, the Administrator may provide the personal data of the User to authentication partners such as Google or Apple when the User logs into the Platform using external services such as Google or Apple.

Processing Purposes, Storage Period, and Data Scope

  1. Purpose of processing: establishing contact with the Administrator via email by the User or another person. Legal basis: Whenever the Regulation applies, these matters are governed by Article 6(1)(a) of the Regulation. Storage period: until the User withdraws consent, and after the withdrawal of consent, for a period corresponding to the statute of limitations for claims that the Administrator may raise and that may be raised against the Administrator. Data scope: first name, last name, email address + data voluntarily provided in the content of the message by the User.

  2. Google Analytics
  3. The Administrator uses Google Analytics tools to create statistics, analyze them, and optimize the operation of the Service. Google Analytics automatically collects information about the use of the Service. The information collected in this way is most often transmitted to Google Analytics servers. When using Google Analytics, the Administrator does not collect any personal data.

  4. More information about data protection at Google, including standard contractual clauses on the basis of which data may be transferred outside the EEA, can be found on the website https://policies.google.com/privacy?hl=en.

  5. Server logs
  6. Using the Service involves sending queries to the server where the Platform is stored. Each query sent to the server is logged.
  7. Logs include, among other things, the User’s IP address, date and time of the server, information about the web browser and User’s operating system. Logs are recorded and stored on the server.
  8. Data recorded in server logs are not associated with specific persons using the Platform and are not used by the Administrator to identify the User.

  9. The above data is used solely for the purpose of administering the server. Server logs are only auxiliary material used for server administration, and their content is not disclosed to anyone other than persons authorized to administer the server.

  10. Final Provisions
  11. This Privacy Policy may be amended, and the Administrator will inform the User in advance.
  12. This Privacy Policy is effective from November 20, 2023.