This Privacy Policy refers to the Website and services performed by Legal English by Chojecka Agnieszka Chojecka.
Personal data controller
Personal data controller (hereinafter the Service Provider) is:
Legal English by Chojecka,
Agnieszka Chojecka,
ul. Dąbrowskiego 20/22a/5,
60-839 Poznań, Poland.
Data security
Servers where we store personal data are located in the European Union.
We use technical and cryptographic security measures to protect processed data against unauthorized access, modification or deletion. We install security patches on servers on a regular basis.
Payment security
As regards payments, sensitive data (such as payment card number) are not processed on our servers but on the servers of payment operators. Payment operators use security measures in compliance with the provisions of law and regulations of organisations issuing payment cards. These entities provide us with details on the statuses of individual payments.
What kind of information is collected?
We collect your data when you use our website and set up an account on our website.
Data required to set up an account
When you set up an account we ask you to provide the following details:
– name and surname,
– e-mail address,
– account name (login),
– password
– address.
Content uploaded by the User
When you use our services, we collect and process the following data:
– history of your orders and payments on our website, including payer’s details (for payment to our bank account it means name, surname, address, bank account number),
– messages sent to you by e-mail, message module on the website, contact form,
– IP addresses and information on the device you use for our services,
– history of using the Service Provider’s Website.
Logs
When using the Service, the following information may be saved each time a request is sent to the Service Provider’s server:
– data and time of the request,
– content and status of the request (e.g. URL of the visited page with parameters attached),
– IP address of the computer from which the request has been sent,
– amount of data sent in a reply,
– headers sent by the user’s device (including but not limited to browser, operating system, set language, redirect page, cookie content).
Cookies, browser storage and cache
We use mechanisms such as cookies, browser local storage (for example, Web Storage) or device storage (for mobile applications) that can store both data necessary to provide the requested service (for example, your session data, preferences and settings) and additional information such as unique identifiers or temporary data to speed up the loading of content.
We also use cookies to store a unique user ID for the Remember Me feature so that you do not have to log in to the platform from a particular browser / application on a particular device each time unless you log out in the meantime using the Logout button, the cookie expires / is deleted by you or you change your account password in the meantime.
If you do not consent to such data being placed on your device, you may modify the browser settings accordingly. Limiting the use of these mechanisms may affect the functionalities available on the Website It is also possible to delete data previously saved using the appropriate settings in the browser.
Pixel tags
We use pixel tags, i.e. elements that are placed, for example, in an e-mail or in the code of a website, to monitor activities such as opening an e-mail or viewing a page.
What is the purpose and basis of your data being processed?
We process your data only when we have legal grounds to do so.
Purposes of data processing pursuant to s. 6(1)(b) of the GDPR (processing necessary for the performance of the contract to which you are party or to take action at your request prior to the conclusion of the contract):
– performance of our contract, including running your account on the Website and payment processing,
– ensuring high quality of the service, maintaining the operation of services, solving technical problems,
– sending notifications of messages related to transactions and subscriptions which end,
– settlement of the contract after its completion.
Purposes of data processing pursuant to s. 6(1)(c) of the GDPR (fulfilling our legal obligations):
– accounting and tax settlements,
– keeping accounting documents for the time required by the provisions of law,
– handling of complaints
– storing the history of changes in order to ensure the accountability of the processed personal data.
Purposes of data processing pursuant to s. 6(1)(f) of the GDPR (our legitimate interest):
– handling the requests you send to us, for example via e-mail, contact form, telephone,
– monitoring activity on the Website in order to develop the services provided and improve the comfort of their use,
– settlements with our partners with whom you order our services,
– direct marketing (e.g. informing users of our services),
– developing new services and products,
– conducting surveys and statistical analyses,
– offering better-tailored content,
– ensuring security, detecting misuse, enforcing legal claims.
Who receives your data?
Transfer of data processing to other entities
We transfer the processing of your data to:
– entities operating our IT systems, providing hosting services, data storage services, telecommunication services, e-mail services,
– entities processing payments on our behalf,
– entities keeping our accounting and tax settlements,
– entities providing us with legal service and counselling.
Transfer of data processing to entities outside the European Union
We use services from suppliers in various countries, including those seated outside the European Union (e.g. in the USA). The legal regulations concerning the protection of personal data in these countries differ from those applied in the European Union, however, we require all suppliers to process the data entrusted to them in a secure manner and in accordance with the EU data protection law. We use standard measures set out in the EU law – primarily relevant contract clauses.
At as the date hereof, these suppliers include:Amazon Web Services seated in the USA, Google Inc. seated in the USA, Facebook Inc. seated in the USA.
Your rights
As we process your personal data you have a right to:
– request access to your data,
– request rectification of incorrect data or completion of incomplete data,
– request limitation of processing,
– object against the processing of data and profiling for the purposes of our legitimate interests for reasons relating to your particular situation,
– object against the processing of data for the purposes of direct marketing and profiling in connection with such marketing,
– request that your processed data be deleted,
– request deletion of the data,
– request access, for example to transfer the data to another data controller.
The exercise of these rights may depend on the legal basis on which we use your data and the purpose for which it is processed. Request concerning the processed personal data should be sent by e-mail or mail.
You can browse and modify most of your personal data attached to your account on Account settings page. You will always find there an option to delete your account.
To authorize the submitted requests concerning personal data our employee may ask for additional information in order to confirm the identity of the person making the request.
You may cancel your consent for personal data processing at any time. This will not affect the lawfulness of the processing carried out on the basis of consent prior to its withdrawal.
Data keeping period
If you cancel your consent for the processing of your personal data or in the event of the termination of all contracts on the basis of which they were processed, we will delete your data but:
– we try to protect user data against accidental or malicious deletion. Therefore, in some cases there is a delay between the deletion of some data on your account, and the moment of deleting a copy of these items from our servers.
– In special cases (e.g. risk of pursuing claims in connection with the performance of the contract, your breach of the applicable regulations or provisions of law) we may keep the data necessary to establish the scope of the breach or to pursue and defend potential claims. This however will not last longer than 6 yeas of cancelling the consent or terminating the contract.
– The law obliges us to keep data necessary for tax and accounting settlements, for periods specified in relevant regulations.
– We are obliged by law to ensure the accountability of the stored personal data, therefore we will store the necessary information and documents for the period of time necessary to fulfil this
obligation.
– Data may not be deleted if there are other important legitimate grounds for their processing that are legally superior to your interests, rights and freedoms.
Supervisory authority
If you have any concerns regarding the way in which we process your data, please contact us first. You may also file a complaint to the supervisory authority:
Urząd Ochrony Danych Osobowych
ul. Stawki 2
00-193 Warsaw
Website: https://www.uodo.gov.pl/
Changes to the Privacy Policy
The Service Provider reserves a right to modify this Privacy Policy from time to time in compliance with relevant provisions of law. Applicable version of the Privacy Policy will be available at the Website.
Attachment A to the Terms and Conditions
Statement-of-withdrawal