PRIVACY POLICY

Your presence here indicates that you value your privacy. We understand it perfectly, which is why we provide you with this document containing the rules governing personal data processing, as well as the use of cookies and other tracking technologies connected with the operation of the KREACYJNIE.STUDIO website.

Let’s start with the official information – the website’s administrator is Kreacyjnie Sp. z o.o.: ul. Dominikańska 9, 87-100 Toruń, Polska, VAT/NIP: PL9562390123, KRS: 0001083264

If you have any doubts regarding the privacy policy, you can contact us at any time by sending an e-mail to rafal@kreacyjnie.studio.


THE SHORT VERSION – THE MOST IMPORTANT INFORMATION

We value your privacy, but we also value your time. That is why we have prepared an abridged version of the most important information on the rules related to privacy protection.

  1. We process the personal data that you provide to us by creating a user account, filling a form, placing an order or simply contacting us.

  2. The information that we may have on you includes: name and surname, address of residence, address of the registered office or permanent place of business, NIP number, e-mail address, telephone number, or other data included in the correspondence between us. We are not always in possession of all the data indicated above. Their scope depends on the content of the information forms or simply the messages that you send to us.

  3. We make every effort to ensure that your personal data remains secure and does not fall into unauthorised hands, using appropriate technical and organisational security measures.

  4. We entrust the processing of your personal data only to reliable and proven entities providing personal data processing services.

  5. We do not make any decisions regarding you based exclusively on the automated processing of your personal data, which would have legal consequences for you or which would affect you significantly in a similar way.

  6. You can exercise your rights under the GDPR concerning the processing of your personal data.

  7. We track and analyse your activities on our websites for statistical, optimisation and marketing purposes. We use the following tools for this purpose: Google Analytics. These tools provide us with access to a large amount of information relating to your use of our website, but this information remains anonymous, i.e. we are unable to identify you on the basis of this information. The tools may collect information about you, such as your approximate location, device, operating system, and browser, as well as gender, age range, interests, time spent on the site, transitions between pages, clicks on individual links, and other actions performed on the websites. This information is not collated by us with your personal data and does not allow for your identification. This information may be transferred to the United States of America (USA). The tool providers guarantee an adequate level of data protection through the use of standard contractual clauses and participation in the Privacy Shield Program.

  8. We use tools based on cookies, both our own and third party cookies. These tools provide us with access to a large amount of information relating to your use of our website, but this information remains anonymous, i.e. we are unable to identify you on the basis of this information. These are various analytical, marketing, social and communication tools. Some of these tools are associated with the implementation of special tracking scripts.

  9. You can also manage your cookie settings by installing special add-ons that allow you to control cookies, such as Ghostery (https://www.ghostery.com).

  10. You can also manage your behavioural advertising settings by going to the website http://www.youronlinechoices.com.

  11. The website may contain links to external websites managed by third parties. We are not responsible for the rules of personal data processing and the use of cookies by the operators of external websites. More details on this subject can be found in the privacy policies of external websites.

  12. The website is stored on an external server, which, like all websites, generates logs. The logs store information concerning IP address, date and time of the server, browser and operating system. Logs are used exclusively for operational and technical purposes.

The afore-mentioned information is preliminary. We encourage you to read more details below.


PERSONAL DATA

Kreacyjnie Sp. z o.o.: ul. Dominikańska 9, 87-100 Toruń, Polska, VAT/NIP: PL9562390123, KRS: 0001083264 is the controller of your personal data within the meaning of the provisions on personal data protection.

The purposes, legal basis and period of processing personal data are indicated separately with respect to each purpose for data processing (see: a detailed description of different purposes of data processing).

Rights. The GDPR provides you with potential rights associated with the processing of your personal data:

  1. The right to access your data and to obtain a copy thereof,

  2. the right to rectify (correct) your data,

  3. the right to erase your data (if, in your opinion, there is no basis for us to process your data, you can request its erasure),

  4. the right to restrict the processing of data (you may request that we restrict the processing of your data only to the purposes of data storage or execution of actions to which you have agreed, if you believe we have incorrect data or we have been processing it without grounds to do so),

  5. the right to object against the data processing (you have the right to object against the data processing on the basis of a legitimate interest; you should indicate the particular situation which, in your opinion, provides grounds for refraining from the processing covered by the objection. We will no longer process your data for those purposes, unless we demonstrate that grounds for processing your data override your rights or that your data is necessary to establish, exercise or defend legal claims.

  6. the right to data portability (you have the right to receive from us, in a structured, machine-readable and commonly used format, the personal data that you have provided to us on the basis of a contract or your consent, and you may entrust us with the transfer of said data directly to another party),

  7. the right to lodge a complaint to the supervisory authority (if you state that we process data unlawfully, you may lodge a complaint with this regard with the President of the Personal Data Protection Office or another relevant supervisory authority).

The rules associated with the exercise of the afore-mentioned rights have been described in detail in Articles 16-21 of the GDPR. We encourage you to read these provisions. For our part, we consider it necessary to advise you that the above-mentioned rights are not absolute and that you will not be entitled to exercise them with regard to all actions related to the processing of your personal data.

Nevertheless, we want to emphasize that you will always be entitled to exercise one of the above-indicated rights – if you believe that we have violated the provisions on personal data protection in the course of processing of your personal data, you have the right to lodge a complaint with the supervisory body (President of the Office for Personal Data Protection).

You can also always ask us to inform you what data we have about you and why we process them. Just send a message to the following e-mail address: rafal@kreacyjnie.studio.

However, we have made every effort to include the information you may be interested in is in this privacy policy in a comprehensive manner. You can also use the above-listed e-mail address if you have any questions related to the processing of your personal data.


Safety. We guarantee the confidentiality of any personal data you provide. We take all security and personal data protection measures required by the provisions on personal data protection. Personal data is collected with due diligence and appropriately protected against unauthorised access.


Data recipients. Your personal data may be processed by entities whose services we use and whose services involve or may involve the processing of personal data. These include, in particular, the following entities:

  1. the host provider who stores data on the server,

  2. the provider of the mailing system in which your data is stored

  3. an accounting office that processes your data appearing on the invoices,

  4. the law firm that obtains access to the data if it is necessary to provide us with legal assistance,

  5. a website maintenance service provider who obtains access to the data if the technical work carried out relates to areas containing personal data,

  6. other subcontractors who have access to the data if the scope of their activities requires such access.

Your personal data may also be transferred to tax offices to the extent necessary to fulfil tax, clearing and accounting obligations. This applies in particular to all declarations, reports, statements and other accounting documents that contain your personal data.

In addition, if necessary, your personal data may be made available to entities, bodies or institutions that are authorised to access data under the law, such as police, security forces, courts, and prosecutor’s offices.


Transfer of personal data to third countries. We transfer your personal data to third countries in connection with the use of tools that store personal data on servers located in third countries, in particular in the USA. The providers of these tools guarantee an adequate level of personal data protection through appropriate compliance mechanisms as provided by the GDPR, in particular by entering into the Privacy Shield Program or by using standard contractual clauses.

The storage of personal data on servers located in third countries is carried out by means of the following tools:

  • services provided by nazwa.pl ltd based in Kraków, ul. Mieczysława Medweckiego 17, 31-870 Kraków – in particular the DNS Anycast service, which shortens the time of opening websites, by deploying DNS servers in different places in the world. Nazwa.pl ltd ensures an adequate level of protection of personal data through the use of compliance mechanisms provided by the GDPR.
  • services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland – with regard to all data processed within the framework of Google services, including those contained in files subject to synchronization with Google Drive.

    • Google Ireland Limited ensures an adequate level of protection of personal data through the use of compliance mechanisms provided by the GDPR, in particular by joining the Privacy Shield scheme. Below are links leading to confirmations of participation in the Privacy Shield program, where you can see information about the processing of personal data by this entity.

  • Google: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI,

    • Profiling and behavioural advertising. We do not make any decisions based exclusively on automated processing, including profiling, that would have legal consequences for you or which would affect you significantly in a similar way.

    Using certain tools, we may, for example, provide you with personalised advertisements based on your previous activities on our site or suggest products that may be of interest to you. This is called behavioural advertising. We encourage you to learn more about behavioural advertising, particularly with regard to privacy issues. You will find detailed information, including the ability to manage your behavioural advertising settings, here: http://www.youronlinechoices.com.

    We would like to emphasise that the tools we use do not give us access to information that would allow us to identify you. The information in question includes, in particular:

  • information about the operating system and the web browser you are using,
  • information about the browsed pages,
  • information the time spent on the website,
  • information about transitions between pages,
  • information about the source from which you are accessing our site,
  • information about the age range you are in,
  • information about your gender,
  • information about your approximate location limited to your city or town,
  • your interests determined by your online activities.

    • We do not collate the above-indicated information with your personal data stored in our databases. This information is anonymous and does not allow us to identify you. This information is stored on the servers of the providers of the various tools, and these servers may be located around the world.


    PURPOSES AND ACTIVITIES OF THE PERSONAL DATA PROCESSING

    User Account. When creating a user account, you must provide the data necessary to create the account, such as your e-mail address and password. Providing data is voluntary, but necessary to create an account. Data collected on the user account is processed in the WordPress system and stored on a server provided by nazwa.pl ltd based in Kraków, ul. Mieczysława Medweckiego 17, 31-870 Kraków. The data provided in connection with the creation of an account are processed in order to provide you with an electronic service consisting in providing you with the possibility to use the user account. The legal basis for processing your personal data is Article 6(1)(b) of the GDPR. You can modify your account details at any time.


    Orders. When you place an order through the website, you have to provide the data necessary to perform the order, such as name and surname, billing address, e-mail address, telephone number, VAT ID. Providing data is voluntary, however necessary for the order to be placed.

    The data provided to us in connection with the order are processed for the purpose of fulfilling the order (Article 6(1)(b) of the GDPR), issuing an invoice (Art. 6(1)(c) of the GDPR), including an invoice in our accounting records (Article 6(1)(c) of the GDPR) and for archival and statistical purposes, including the identification of the returning customer (Article 6(1)(f) of the GDPR).

    Data concerning orders will be processed for the time necessary to perform the order, and then until the expiry of the period of limitation of claims under the contract. Furthermore, after expiry of this period, data may still be processed by us for archival and statistical purposes, in particular for the purpose of identifying the returning customer. Keep in mind that we have an obligation to store invoices with your personal data for a period of 5 years from the end of the tax year in which the tax obligation arose.

    Furthermore, you cannot object to the processing of data and require the erasure of data until the expiry of the period of limitation of claims under the contract. Similarly, you cannot object to the processing of data and request the erasure of the data contained in invoices. However, you may object to the processing of your data for statistical purposes, as well as request removal of your data from our database after the expiry of the period of limitation of claims under the contract.


    Contact. By contacting us via e-mail or form available on the website, you naturally provide us with your personal data contained in the content of the correspondence, in particular your e-mail address and your name. Provision of data is voluntary, but necessary to create an account.

    In this case your data is processed in order to contact you, and the basis for the processing is Article 6(1)(a) of the GDPR, i.e. our legitimate interest. The legal basis for processing after the end of the contact is a justified purpose in the form of archiving correspondence for internal needs (Article 6 (1)(c) of the GDPR).

    The content of the correspondence can be archived and we cannot clearly determine when it will be deleted. You have the right to request to be presented with the history of your communication with us (provided it had been archived), as well as request its erasure, unless its archiving is justified due to our overriding interests, e.g. protection against potential claims on your part.


    COOKIES AND OTHER TRACKING TECHNOLOGIES

    Our website, like almost all other websites, uses cookies.

    Cookies are small text files stored on your device (e.g. computer, tablet, smartphone), which may be read by our ICT system (own cookies) or the ICT system of third parties (third party cookies).

    Some of the cookies we use are deleted at the end of the browser session, i.e. when the browser closes (so-called session cookies). Other cookies are stored on your terminal device and allow us to recognise your browser the next time you visit our website (persistent cookies).

    If you want to learn more about cookies as such, you can read this material: https://pl.wikipedia.org/wiki/HTTP_cookie.

    Below, you will find detailed information on the cookies functioning within our website.


    Cookies consent. By using the website with cookies enabled in your browser, you agree to record and store information in cookies and to accessing of said information.

    You can always change your browser cookie settings or delete cookies altogether. Browsers manage cookies settings in different ways. The help menu of your browser contains information on how to change the cookie settings.

    You can also manage your cookie settings by installing special add-ons that allow you to control cookies, such as Ghostery (https://www.ghostery.com).

    However, remember that switching the cookies off may cause problems in using this website, as well as many other websites which use cookies.


    First-party cookies. We use first-party cookies to ensure the proper operation of the website, the ordering process and the user account.


    Third-party cookies. Our website, like many other websites nowadays, uses functions provided by third parties, which involves using third-party cookies. The use of this type of cookies is described below.


    Google Analytics. We use Google Analytics, a tool provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We carry out these activities on the basis of our legitimate interest in creating and analysing statistics in order to optimize our websites.

    Google Analytics automatically collects information about your use of the website. The information collected in this manner is most commonly transmitted to and stored by Google on servers located in the United States.

    Due to the IP anonymization function, which we have activated, your IP address is shortened before being forwarded. The full IP address is only forwarded to Google servers in the United States and shortened there in exceptional cases. The anonymized IP address transmitted by your browser within the framework of Google Analytics will not generally be merged with other data held by Google.

    We would like to emphasize that Google Analytics does not collect any personally identifiable information about you. Therefore, the data collected within Google Analytics does not have the character of personal data. The information that we have access to within the framework of Google Analytics includes, in particular, the following:

  • information about the operating system and the web browser you are using,
  • information about the pages that you visit within the scope of our website,
  • information about the time spent on our website and its pages,
  • information about transitions between pages within the scope of our website,
  • information about the source from which you access our website.

    • In addition, we also use the following Advertising Features of Google Analytics:

  • demographic and interest reports,
  • remarketing,
  • advertising reporting functions, user-ID.

    • We also do not collect personal data as part of the Advertising Features. The information we have access to includes, in particular:

  • information about the age range you are in,
  • information about your gender,
  • information about your approximate location, limited to your city or town,
  • information about your interests determined by your on-line activity.

    • In order to use Google Analytics, we have implemented a special tracking code of Google Analytics in the code of our website. The tracking code uses Google LLC cookies concerning the Google Analytics service. You can block the Google Analytics tracking code at any time by installing the Google browser add-on: https://tools.google.com/dlpage/gaoptout.

    Google Analytics and Google Analytics 360 have been certified according to the ISO 27001 independent security standard. ISO 27001 is one of the most widely recognised standards in the world and certifies that systems that support Google Analytics and Google Analytics 360 meet the relevant requirements.

    More information related to the processing of data within Google Analytics can be found in the explanations prepared by Google: https://support.google.com/analytics/answer/6004245.


    Google Adwords. We use Google AdWords marketing tools provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. With the help of Google Adwords, we promote our website in search results and on third-party websites. We also use remarketing tools. We implement activities in this area based on our legitimate interest in the form of marketing of our own products or services. When you visit our website, a Google cookie remarketing file is automatically left on your device, which, with the help of a pseudonymous identifier (ID) and based on the pages you visit, allows you to display interest-based advertising.

    Further data processing only takes place if you have consented to Google to combine the browsing history and use of the application with your account, and to use information from your Google account to personalize the ads that are displayed on websites. If in this case you will be logged in when visiting our website on Google, Google will use your data together with Google Analytics data to create and define lists of target groups for remarketing on different devices. To this end, Google temporarily combines your personal data with Google Analytics data to create target groups.

    Due to the fact that Google LLC is based in the USA and uses technical infrastructure located in the USA, it joined the EU-US-Privacy Shield program to ensure an adequate level of protection of personal data required by European regulations. As part of the agreement between the US and the European Commission, the latter has established an adequate level of data protection for companies that have a Privacy Shield certificate.

    You can deactivate cookies used for remarketing as part of your Google account settings: https://adssettings.google.com. In addition, as part of cookie settings from our website, you can disable the use of cookies for remarketing.

    If you are interested in details related to data processing within Google AdWords, we encourage you to read the Google privacy policy: https://policies.google.com/privacy.


    Facebook Pixel. We use marketing tools available as part of Facebook and provided by Facebook Inc., 1601 S. California Ave. Palo Alto, CA 94304, USA. As part of these tools, we direct ads to you on Facebook. We implement activities in this area based on our legitimate interest in the form of marketing of our own products or services.

    In order to target you personalized ads in terms of your behavior on our site, we have implemented Facebook Pixel as part of our pages, which automatically collects information about your use of our site in terms of pages viewed. The information collected in this way is usually transmitted to a Facebook server in the United States and stored there.

    The information collected as part of Facebook Pixel is anonymous, i.e. it does not allow us to identify you. We only know what actions you have taken on our site. However, we inform you that Facebook may combine this information with other information about you collected as part of your use of Facebook and use for its own purposes, including marketing. Such Facebook actions are no longer dependent on us, and you can search for information directly in Facebook’s privacy policy: https://www.facebook.com/privacy/explanation. You can also manage your privacy settings from your Facebook account.

    Due to the fact that Facebook Inc. is based in the USA and uses technical infrastructure located in the USA, joined the EU-US-Privacy Shield program to ensure an adequate level of protection of personal data required by European regulations. As part of the agreement between the US and the European Commission, the latter has established an adequate level of data protection for companies that have a Privacy Shield certificate.

    As part of the cookie settings available from our site, you can decide whether you consent to our use of Facebook Pixel in your case or not.


    Video. We embed on our website content from external websites, in particular videos from YouTube. Therefore, we use Google LLC cookies associated with the YouTube service, including DoubleClick cookies.

    Whenever you play video or view other embedded material, Google is notified of this fact, even if you do not have a profile with the service provider or are not signed in. This

    information (including your IP address) is sent by your browser directly to the server of the relevant service provider (some servers are located in the USA) and stored there.

    If you have logged into the service provider’s website, the service provider can directly link your visit on our website to your profile on the relevant social media website. The purpose and scope of data collection and its further processing and use by service providers, as well as the possibility of contact and your rights in this respect and the possibility to make settings to ensure the protection of your privacy are described in the privacy policy of each service provider.

    If you do not want the service provider to link the data collected during the playing of videos or other content on our website directly to your profile on their website, you must log out of said website before visiting our website. You can also completely prevent plug-ins from being uploaded to the website by using appropriate add-ons for your browser, such as blocking scripts.

    The YouTube cookies are only loaded when the video is played, so if you don’t want this to happen, refrain from watching videos.


    Social Tools. Our websites use plugins and other social tools provided by social networking sites such as Facebook, Twitter, Instagram, Google, LinkedIN.

    By displaying our website containing such a plug-in, your browser will establish a direct connection to the servers of social network administrators (service providers). The content of the plugin is transmitted by the respective service provider directly to your browser and integrated with the website. Thanks to this integration, service providers receive information that your browser has viewed our website, even if you do not have a profile with a given service provider or are not currently logged in to it. This information (along with your IP address) is sent by your browser directly to the server of the given service provider (some servers are located in the USA) and stored there.

    If you have logged in to one of the social networking sites, then this service provider will be able to directly assign a visit to our website to your profile on the given social networking site.

    If you use a given plugin, e.g. by clicking on the “Like” or “Share” button, the relevant information will also be sent directly to the server of the given service provider and stored there.

    In addition, this information will be published on the respective social network and will appear to people added as your contacts. The purpose and scope of data collection and their further processing and use by service providers, as well as the possibility of contact and your rights in this regard and the ability to make settings to protect your privacy are described in the privacy policy of individual service providers.

  • Facebook – https://www.facebook.com/legal/FB_Work_Privacy,
  • Twitter – https://twitter.com/en/privacy,
  • LinkedIN – https://www.linkedin.com/legal/privacy-policy,
  • Instagram – https://help.instagram.com/155833707900388.

    • If you do not want social networks to assign data collected during visits to our website directly to your profile on a given website, then before visiting our website you must log out of this website. You can also completely prevent the plugins from loading on the page using the appropriate extensions for your browser, e.g. script blocking.


    SERVER LOGS

    Using the website involves sending requests to the server on which the website is stored. Each request to the server is saved in the server logs.

    The logs include i.a. your IP address, date and time of the server, information on the Internet browser and the operational system you use. Logs are saved and stored on the server.

    Data saved on server logs is not associated with a specific person using the website and is not used to identify you.

    The server logs constitute only auxiliary material for administrating the website, and their content is not disclosed to anyone beside the persons authorised to administrate the server.