I. INTRODUCTION
- The administrator of your personal data collected via the website at http://kitchenlab4kids.eu (hereinafter: the Website) is Akademia Ignatianum with its registered office in Krakow at ul. Kopernika 26, 31-501 Krakow. Contact with the Administrator: tel. 123 999 502. Contact with the Data Protection Officer: iod@ignatianum.edu.pl The data administrator is responsible for the security of the personal data provided and its processing in accordance with the law.
- Personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC ( i.e. GDPR) and other currently applicable provisions of law on the protection of personal data.
II. COLLECTED DATA – BASIC INFORMATION
- The following information applies to all the ways in which the Administrator uses personal data provided by users, indicated in Chapter III and IV.
- The administrator processes personal data:
- not logged in Website users using services and functionalities, the use of which does not require logging in (e.g. contact form, access to information and content that do not require an account),
- logged in users who have an individual account on the Website.
- The administrator does not use the personal data of the Website users to make decisions based on the automated processing of personal data, including profiling within the meaning of art. 22 GDPR.
- Subject to all data security guarantees, personal data processed via the Website may be transferred – apart from persons authorized by the Administrator – to other entities, including:
- entities authorized to receive them in accordance with the law,
- entities processing them on behalf of the Administrator (e.g. providers of technical, ICT and IT services, hosting service providers, service technicians of these services and ICT devices, analytical service providers, entities providing advisory services),
- The administrator will not transfer your personal data to countries outside the European Economic Area.
- The administrator informs that in connection with the processing of personal data obtained through the Website, each data subject has the right to submit a request regarding:
- access to data (information on the processing of personal data or a copy of the data),
- rectification of data (when they are incorrect),
- deletion of personal data (the right to be forgotten),
- restrictions on the processing of personal data,
- transferring data to another administrator,
- object to the processing of data in a situation where the basis for processing is the legitimate interest of the Administrator,
- withdraw consent in the event that the Administrator processes personal data based on consent, at any time and in any way, without affecting the period before its withdrawal
- on the terms set out in the GDPR.
- Each data subject has the right to lodge a complaint with the President of the Personal Data Protection Office based in Warsaw, if he or she believes that the processing of personal data is not in accordance with the regulations.
- The data was obtained by the Administrator directly from the user. The administrator may also process personal data of other people provided by the user when using the services described in the privacy policy and the Website Regulations.
III. PERSONAL DATA PROVIDED BY THE USER
III. A. E-MAIL CONTACT
- The administrator processes personal data, in particular the name and surname, e-mail address and other information provided by the user to the extent necessary to conduct communication and answer questions asked via the e-mail address provided on the Website (legal basis – Article 6 par. 1 letter f of the GDPR) – “legitimate interest”.
- The administrator has the right to process personal data for the period necessary to achieve the above-mentioned purposes. Depending on the legal basis, this will be appropriate:
- the time necessary to process the inquiry, including answering the question sent or settling matters related to which the correspondence is conducted;
- the time until the consent is withdrawn by the user (including until the consent for the use of special categories of data is withdrawn).
- Withdrawal of consent may take place, in particular, by contacting the Administrator via the contact details indicated above. Withdrawal of consent does not affect the lawfulness of the use of data during the period in which the consent was in force.
- Providing data is voluntary, but necessary to answer the question sent or for the proper handling of the request and implementation of the inquiry. The consequence of not providing personal data may be the inability to answer or process the inquiry.
III. B. USER ACCOUNT
- The administrator processes personal data for the following purposes:
- signing a contract for the provision of electronic services (in accordance with the Act of 18 July 2002 on the provision of electronic services, Journal of Laws 2020.344, hereinafter: pes), including registration and maintenance of a free user account (legal basis – Article 6 paragraph 1 letter b of the GDPR) – “performance of the contract”,
- pursuing claims arising from the contract, considering complaints (legal basis – Article 6 (1) (f) of the GDPR) – “legitimate interest”; deadlines for pursuing claims under the contract are specified in detail in the Civil Code,
- The administrator processes personal data for the purpose of registering and maintaining a free account, in particular:
- name,
- last name,
- e-mail adress.
- The administrator has the right to process personal data for the period necessary to achieve the above-mentioned purposes. Depending on the legal basis, it will be respectively:
- the time necessary to perform the contract, i.e. the time related to having a user account,
- the time after which the claims under the contract are time-barred,
- time until the user’s objection is raised.
- Providing the above-mentioned personal data is voluntary, but necessary to register and maintain an account on the Website. Failure to provide data may prevent the use of the Website.
III. B. WEBSITE SERVICES related to the processing of personal data:
III. B.1. CONTACT FORM
- The administrator may collect personal data, in particular e-mail address and other information provided by the user, via the contact form available on the Website.
- The administrator processes personal data to the extent necessary to fulfill the inquiry, including answering questions asked via the contact form available on the Website (legal basis – Article 6 (1) (f) of the GDPR) – “legitimate interest”.
- The administrator has the right to process personal data for the period necessary to achieve the above-mentioned purposes. Depending on the legal basis, this will be accordingly:
- the time necessary to answer the query sent by the user using the contact form;
- time to claim the objections against;
- the time until the consent is withdrawn by the user (including until the consent for the use of special categories of data is withdrawn).
- Withdrawal of consent may take place, in particular, by contacting the Administrator via the contact details indicated above. Withdrawal of consent does not affect the lawfulness of the use of data during the period in which the consent was in force.
- Providing the data indicated in the contact form is voluntary, but necessary to answer the question sent or for the proper handling of the request and the implementation of the inquiry. The consequence of not providing personal data is the inability to send the user a reply.
III. B.2. FACEBOOK
- The administrator is the administrator of personal data of users using products and services offered by Facebook, who visit the Administrator’s website, available at: https: //facebook.com/KitchenLab4Kids-109904723897139 (hereinafter: Fanpage). As the Administrator, he is responsible for the security of the personal data provided and their processing in accordance with the law.
- The administrator processes the personal data of users who visit Fanpage using Facebook products and services. These data are processed:
- in connection with running a Fanpage, including to promote your own brand (legal basis – Article 6 (1) (f) of the GDPR) – “legitimate interest”;
- in order to answer questions asked via Messenger or other services offered by Facebook (legal basis – Article 6 (1) (f) of the GDPR) – “legitimate interest”; if the user provides specific categories of data (e.g. health information), he / she declares that he / she agrees to their use for the proper handling of the report and inquiry, including communication and answering (legal basis – Article 9 par. . 2 letter a GDPR) – „consent”.
- The administrator has the right to process:
- publicly available personal data
- and other information publicly shared by a user using Facebook products and services (the content of comments and messages transmitted via instant messaging, including health data, etc., voluntarily disclosed by the user) in order to answer the submitted query or in the purpose of the contact request.
- The scope of personal data processing, the specific purposes as well as the rights and obligations of the user of Facebook products and services result directly from:
- Facebook regulations (the document is available on the Facebook website at: https://www.facebook.com/legal/terms) and
- “Data Policy” (the document is available on Facebook at: https://www.facebook.com/policy)
- The administrator has the right to process personal data for the period necessary to achieve the above-mentioned purposes. Depending on the legal basis, it will be respectively:
- the time until the objection is raised (or the Facebook user account is deleted),
- the time until the consent is withdrawn (or the Facebook user account is deleted). Withdrawal of consent does not affect the lawfulness of data processing during the period in which the consent was in force;
- the period necessary to handle the query sent by the user via Messenger or other Facebook services.
- The catalog of recipients of personal data processed by the Administrator results primarily from the scope of products and services used by the Facebook user, but also from the user’s consent or legal provisions. Subject to all data security guarantees, the Administrator may transfer personal data of a user visiting Fanpage – in addition to persons authorized by the Administrator – to other entities, including entities processing data on behalf of the Administrator, e.g. to technical service providers and entities providing consulting services (including law firms) and contractors providing services to the Administrator on the basis of concluded contracts.
- The administrator will not transfer the personal data of the user using Facebook products and services to countries outside the European Economic Area (to countries other than the European Union countries and Iceland, Norway and Liechtenstein).
- The administrator may process the personal data of users using Facebook products and services who visit Fanpage in order to analyze how users use the Administrator’s website and related content (keeping statistics) – if the users use Fanpage and content from related to it causes the creation of an event for website statistics, which involves the processing of personal data (legal basis – Article 6 (1) (f) of the GDPR) – “legitimate interest”.
- In the case of personal data processed for the purpose of keeping statistics on the actions taken by the user on the Fanpage (including observing or stopping following the page, recommending a page in a post or comment, liking a page or post, canceling a like), the Administrator and Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland) are joint controllers of the personal data of users. The types of data and the scope of their processing as well as the principles of privacy protection and user rights are indicated in detail:
- in the “Data Rules” document, published on the Facebook website at: https://www.facebook.com/policy,
- in the “Information about website statistics” document, published on the Facebook page at: https://www.facebook.com/legal/terms/page_controller_addendum.
- Facebook is responsible for notifying users of Facebook products and services about the processing of data for the purposes of website statistics and for enabling them to exercise their rights in accordance with the GDPR (information about the data used to create website statistics is available on the Facebook website at:
https://www.facebook.com/legal/terms/information_about_page_insights_data
- The Facebook data protection officer can be contacted via the form provided on the Facebook page at: https://www.facebook.com/help/contact/540977946302970
IV. DATA COLLECTED AUTOMATICALLY
- Using the Website involves sending queries to the server, which are automatically saved in the event logs.
- Data on user sessions are stored in the event logs. In particular, these are: IP address, type and name of the device, date and time of visits to the Website, information about the web browser and operating system.
- The data recorded in the event logs are not associated with specific individuals.
- Access to the content of the event logs is granted to persons authorized by the Administrator to administer the Website.
- The chronological record of information about events is only auxiliary material, used for administrative purposes. The analysis of event logs enables, in particular, the detection of threats, ensuring adequate security of the Website and the performance of statistics in order to better understand how the Website is used by users.
- Data on user sessions are used to diagnose problems related to the functioning of the Website and to analyze possible security breaches, to manage the Website and to prepare statistics (legal basis – Article 6 (1) (f) of the GDPR) – “legitimate interest”.
- The website uses cookies for its operation. For more information, see “INFORMATION ABOUT COOKIES”:
V FINAL PROVISIONS
- This document is of an informative nature and concerns in particular the website available at www.kitchenlab4kid.eu.
- The administrator reserves the right to introduce changes to the applicable privacy policy, in particular in the case of:
- technology development;
- changes in generally applicable legal provisions, including in the field of personal data protection or information security;
- Website development, including implementation of new functionalities.
- The Administrator will notify users about changes to the content of the privacy policy by posting a message on the Website.