Privacy policy

Based on Article 13 and 14 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the "GDPR"), Izabela Stachurska running a business under the name: "The Shift Izabela Stachurska", NIP: 5251467933, REGON: 360055462, is obliged to fulfill the information obligation towards persons whose personal data is processed.

This information takes into account the main aspects related to the processing of personal data of users of the website www.izabelastachurska.pl (hereinafter also the "Website").

1. General information

   1. The administrator of personal data in accordance with the GDPR is:
      Izabela Stachurska
      NIP: 5251467933
      REGON: 360055462
      (hereinafter also referred to as the "Administrator")
   2. If you have any questions related to this document, as well as the processing of your personal data, you can contact the Administrator at any time at the following e-mail address: www@izabelastachurska.pl.

2. The most important rules

   1. The administrator makes every effort to ensure that your personal data remains confidential and secure, in particular it is properly protected against access by unauthorized persons.
   2. The Administrator processes your personal data only to the extent necessary for the functioning of the Website, the Administrator's cooperation with the Website users and for other activities described in this document. The administrator processes your personal data only in a manner consistent with applicable law, including the GDPR.
   3. Providing your personal data is voluntary. However, failure to provide certain personal data indicated in the Privacy Policy will result in the inability to cooperate and contact the Administrator.
   4. The Website uses cookies for which the Administrator has adopted a separate cookies policy.

3. What is personal data and what is its processing?

   1. Pursuant to the provisions of the GDPR, "personal data" means any information relating to an identified or identifiable natural person.
   2. An identifiable natural person is a person who can be directly or indirectly identified, in particular on the basis of an identifier such as name and surname, identification number, location data, internet identifier or one or more specific factors determining the physical, physiological, genetic, the mental, economic, cultural or social identity of a natural person.
   3. Processing of personal data should be understood as any activity on personal data, performed in an automated or non-automated manner, such as collecting, recording, organizing, organizing, storing, adapting or modifying, downloading, browsing, using, disclosing by sending, distributing or otherwise the kind of sharing, matching or combining, limiting, deleting or destroying.

4. Purposes of personal data processing

   1. In connection with the functioning of the Website, your personal data is or may be processed by the Administrator for the following purposes:
      1. contact via the contact form on the Website
         The legal basis for the processing of personal data is your consent resulting from initiating contact (Article 6 (1) (a) of the GDPR), as well as the Controller's legitimate interest in ensuring the highest level of service (Article 6 (1) (f) of the GDPR) ). The administrator processes personal data in the form of name, surname, e-mail address, and any other data indicated voluntarily in the message. Your data will also be processed after the end of the contact, for various purposes, depending on what the subject of the correspondence was. The legal basis for such processing is the legitimate purpose of archiving correspondence for the purposes of proving its future course (Article 6 (1) (f) of the GDPR). Providing data is voluntary, but necessary to initiate contact via the contact form on the website www.izabelastachurska.pl.
      2. Outside of the Website, your personal data may be processed by the Administrator for the following purposes:
         1. compliance with the obligations imposed by law
            Your data may also be processed in order to fulfill the obligations imposed on the Administrator, provided for by law, in particular to transfer your data for the purposes of possible court, administrative or other proceedings before state authorities, as well as to fulfill the obligations resulting from the provisions on accounting and tax law (Article 6 (1) (c) of the GDPR). In these cases, the processing of personal data is an obligation resulting from legal provisions.
         2. archival and evidence purposes
            1. Your data may be processed for archival and evidence purposes, for the purposes of securing information that may be used to prove facts, which is the legitimate interest of the Administrator (in accordance with Article 6 (1) (f) of the GDPR). Data archived in this way may be used for the purpose of possible determination, investigation or defense against claims or allegations.
            2. Your personal data may also be processed for other purposes, in which case you will each time receive information on this subject, in a manner consistent with the information obligation resulting from the GDPR (Articles 13 and 14 of the GDPR).

5. The period of personal data processing

   Your personal data will be processed for an appropriate time, depending on the purpose for which the personal data was collected:

   1. data processed for the purpose of contact via the contact form on the Website - for the duration of the correspondence and after its completion, for the duration of the legitimate interest of the Administrator, but no longer than until any claims related to correspondence are time-barred.

6. From what sources does the Administrator obtain personal data?

   1. Personal data held by the Administrator comes from you.
   2. If the data has not been provided by you, it comes from other entities that will provide your data, eg. in correspondence.

7. Recipients of personal data

   1. The administrator carefully selects entities with whom she cooperates or whose services she uses in the processing of personal data, striving to ensure maximum protection of your data.
   2. The Administrator does not disclose your data to third parties, unless it is necessary to ensure the proper processing of personal data and the conduct of business by the Administrator. The data is or may be shared or entrusted to the following entities:
      
      1. authorized employees and associates of the Administrator,
      2. recipients of personal data:
         
         1. persons (legal advisers and attorneys-at-law) providing legal assistance services for the Administrator,
         2. entities to which the Administrator is obliged to provide personal data under generally applicable provisions of law,
      3. processing entities (based on concluded contracts for entrusting the processing of personal data):
         
         1. entities that may potentially gain access to your personal data when providing the Administrator with e-mail and other electronic means of communication, as well as IT systems,
         2. entities providing the Administrator with accounting or auditing services.
   3. The administrator may transfer your personal data to third countries only when using IT systems provided by entities based outside the European Union and the European Economic Area or when it results from generally applicable provisions of EU or national law.

8. Rights in connection with data processing by the Administrator

   1. The GDPR grants you the following rights related to the processing of your personal data:
      1. the right to request access to your personal data,
      2. the right to request the rectification of personal data,
      3. the right to request the deletion of personal data (the right to be forgotten)
      4. the right to request a restriction of processing,
      5. the right to transfer data,
      6. the right to object to the processing of personal data,
   2. If the processing is based on consent, you may at any time, without giving any reason, withdraw your consent in any form, in particular by sending an e-mail to the Administrator. Withdrawal of consent does not affect the lawfulness of the processing which was carried out on the basis of consent before its withdrawal.
   3. You also have the right to lodge a complaint with the President of the Personal Data Protection Office, if you believe that the processing of your data by the Administrator violates the law.
   4. Not all the rights referred to in para. 1 will be available to you in relation to each processing. It depends on the type of processing and its legal basis.
   5. The administrator may make decisions in an automated manner, however, it will not have any legal effects on you or similarly significantly affect your situation.

9. Final provisions

   1. When using the Website, you are obliged to observe the law and good manners, as well as respect personal data, copyrights and personal rights of third parties.
   2. The scope of the Administrator's activity may change, and the Privacy Policy will also change with it. The Administrator will inform about the scope and content of these changes on the Website and fulfilling the relevant information obligation.