This policy applies to the website located at the URL: loftgorce.pl
The operator of the service and the Data Administrator is: Loft Gorce Aleksandra Zapała Poręba Wielka 861 34-735 Poręba Wielka Tax Identification Number (NIP): 7372150745 REGON: 525100838
The Operator is the Administrator of your personal data concerning data voluntarily provided in the Service.
The Service uses personal data for the following purposes:
Running a newsletter
Operating a comment system
Operating an internet forum
Conducting online chat conversations
Operating a classified ads system
Presenting user profiles to other users
Displaying user advertisements
Handling inquiries via forms
Preparing, packing, and shipping goods
Carrying out ordered services
Debt collection
Presenting offers or information
The Service collects information about users and their behavior in the following ways:
Through voluntarily entered data in forms, which are entered into the Operator's systems.
By storing "cookies" in end devices (so-called "cookies").
Selected data protection methods used by the Operator:
Login and personal data entry areas are protected by SSL encryption. This means that personal data and login information entered on the website are encrypted on the user's computer and can only be read on the target server.
Personal data stored in the database is encrypted in such a way that only the Operator with the key can read it. This ensures that the data is protected in case the database is stolen from the server.
User passwords are stored in hashed form. The hashing function works in a one-way manner – it is not possible to reverse its operation, which is currently the standard for storing user passwords.
The service uses two-factor authentication, which provides an additional form of protection for logging into the Service.
The Operator periodically changes their administrative passwords.
To protect the data, the Operator regularly performs backups.
An essential element of data protection is the regular updating of all software used by the Operator to process personal data, which in particular means regular updates of programming components.
Hosting
The service is hosted (technically maintained) on the operator's servers: domeny.pl
Registration data of the hosting company: cyber_Folks S.A. with its registered office in Poznań, Franklina Roosevelta 22, 60-829 Poznań, entered into the National Court Register by the District Court Poznań – Nowe Miasto i Wilda in Poznań, VIII Economic Department of the National Court Register under the KRS number 0000612359, REGON 364261632, NIP 7822622168, share capital 225,541 PLN fully paid up.
You can learn more about hosting and check the privacy policy of the hosting company at https://domeny.pl.
The hosting company:
applies measures to protect against data loss (e.g., disk arrays, regular backups),
applies appropriate measures to protect processing locations in case of fire (e.g., special fire extinguishing systems),
applies appropriate measures to protect processing systems in case of sudden power failure (e.g., dual power rails, generators, UPS voltage backup systems),
applies physical access protection measures to processing data locations (e.g., access control, monitoring),
applies measures to ensure appropriate environmental conditions for servers as elements of the data processing system (e.g., environmental condition control, specialized air conditioning systems),
applies organizational solutions to ensure the highest possible level of protection and confidentiality (training, internal regulations, password policies, etc.),
has appointed a Data Protection Officer.
To ensure technical reliability, the hosting company keeps server logs. The following may be subject to recording:
resources specified by URL identifier (addresses of requested resources – pages, files),
time of the request,
time of sending the response,
client station name – identification performed by the HTTP protocol,
information about errors that occurred during HTTP transaction execution,
URL address of the previously visited page by the user (referer link) – in case the transition to the Service was made through a link,
information about the user's browser,
information about the IP address,
diagnostic information related to the process of self-ordering services through registrars on the website,
information related to handling email addressed to the Operator and sent by the Operator.
Twoje prawa i dodatkowe informacje o sposobie wykorzystania danych
In some situations, the Administrator has the right to transfer your personal data to other recipients if it is necessary to perform a contract with you or to fulfill obligations incumbent on the Administrator. This applies to such groups of recipients:
hosting company on the basis of entrustment,
couriers,
postal operators,
insurers,
law firms and debt collectors,
banks,
payment operators,
public authorities,
comment system operators,
online chat solution operators,
authorized employees and associates who use the data to achieve the purpose of the site's operation,
companies providing marketing services on behalf of the Administrator.
Your personal data processed by the Administrator will not be kept for longer than necessary to perform activities related to them specified by separate regulations (e.g., accounting). Regarding marketing data, the data will not be processed for more than 3 years.
You have the right to request from the Administrator:
access to your personal data,
rectification,
erasure,
restriction of processing,
and data portability.
You have the right to object to the processing referred to in point 3.3 c) against the processing of personal data for the purposes of the legitimate interests pursued by the Administrator, including profiling, provided that the right to object cannot be exercised in the case of the existence of compelling legitimate grounds for processing, overriding your interests, rights, and freedoms, in particular establishing, investigating, or defending legal claims.
You have the right to lodge a complaint with the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw, regarding the actions of the Administrator.
Providing personal data is voluntary but necessary to use the Service.
Actions may be taken with regard to you involving automated decision-making, including profiling, in order to provide services under the concluded contract and for direct marketing carried out by the Administrator.
Personal data is not transferred to third countries within the meaning of the provisions on personal data protection. This means that we do not transfer them outside the European Union.
Information in Forms
The Service collects information voluntarily provided by the user, including personal data, if they are provided.
The Service may store information about connection parameters (time stamp, IP address).
In some cases, the Service may store information facilitating the connection of data in the form with the user's email address filling out the form. In this case, the user's email address appears inside the url of the page containing the form.
Data provided in the form is processed for the purpose resulting from the function of a specific form, e.g., to carry out the process of handling a service request or commercial contact, registration of services, etc. Each time, the context and description of the form clearly inform what it is used for.
Administrator's Logs
Information about user behavior on the website may be subject to logging. This data is used to administer the website.
Significant Marketing Techniques
The Operator uses statistical analysis of website traffic through Google Analytics (Google Inc. based in the USA). The Operator does not transmit any personal data to the operator of this service, only anonymized information. The service is based on the use of cookies on the user's end device. In terms of user preference information collected by the Google advertising network, users can view and edit information from cookies using the tool: https://www.google.com/ads/preferences/
The Operator uses remarketing techniques, allowing for the customization of ad messages to user behavior on the site, which may give the impression that the user's personal data is being used for tracking. However, in practice, no personal data is transmitted from the Operator to advertising operators. The technological condition for such actions is the enabled support of cookies.
The Operator uses Facebook pixel technology. This technology allows the Facebook service (Facebook Inc. based in the USA) to know that a registered person on Facebook is using the Service. This is based on data for which the Operator is the administrator. The Operator does not provide any additional personal data to the Facebook service. The service is based on the use of cookies on the user's end device.
The Operator uses a solution to analyze user behavior by creating heatmaps and recording behavior on the site. This information is anonymized before being sent to the service operator, so the operator does not know which specific individual the data pertains to. Specifically, entered passwords and other personal data are not subject to recording.
The Operator uses a solution to automate the operation of the Service regarding users, such as sending an email to the user after visiting a specific subpage, provided the user has consented to receiving commercial correspondence from the Operator.
Cookie Information
The Service uses cookies.
Cookies are computer data, specifically text files, stored on the end device of the User of the Service and are intended for the use of the Service's websites. Cookies usually contain the name of the website they come from, the time they are stored on the end device, and a unique number.
The entity placing cookies on the end device of the User of the Service and accessing them is the operator of the Service.
Cookies are used for the following purposes:
maintaining the user's session on the Service (after logging in), allowing the user not to re-enter their login and password on each subpage of the Service;
achieving the goals specified above in the "Significant Marketing Techniques" section;
Within the Service, two main types of cookies are used: "session" cookies and "persistent" cookies. "Session" cookies are temporary files stored on the User's end device until they log out, leave the website, or close the internet browser software. "Persistent" cookies are stored on the User's end device for a specified time in the parameters of the cookie files or until they are deleted by the User.
Web browsing software (internet browser) usually allows cookies to be stored on the end device of the User by default. Users of the Service can change their settings in this regard. The internet browser allows for deleting cookie files. It is also possible to automatically block cookie files. Detailed information on this topic is available in the help or documentation of the internet browser.
Limiting the use of cookie files may affect some functionalities available on the websites of the Service.
Cookie files placed on the end device of the User of the Service may also be used by entities cooperating with the operator of the Service, in particular, this applies to companies: Google (Google Inc. based in the USA), Facebook (Facebook Inc. based in the USA), Twitter (Twitter Inc. based in the USA).
Managing Cookie Files – How to Express and Withdraw Consent in Practice?
If the user does not want to receive cookie files, they can change their browser settings. Please note that disabling the necessary cookie files for authentication processes, security, and maintaining user preferences may make it difficult, and in extreme cases, prevent the use of websites.
To manage cookie settings, select the internet browser you are using from the list below and follow the instructions: