This Policy should be read together with our Cookies Policy, which contains information about cookies.
This Policy specifies your rights in relation to your personal data and details of how to contact us or supervisory authorities if you have a complaint not in relation to our Services but the usage of your personal data.
Your access to and use of the Service might be conditioned on your acceptance of the Policy. These Policies apply to all visitors, users and others who access or use the Service.
In the sort of the Policy, we took into account the relevant law of Poland on personal data protection:
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC hereinafter referred to as the GDPR) Act CXII of 2011 on the right to information self-determination and freedom of information. Act ("Info Act")
During the operation of http://mywebsite.com ("Website"), Appwrite Inc. ("Data Processors") and DigitalOcean LLC ("Data Processors") handles personal data of visitors, users of the Services or anyone who provides personal data ("Individual") on the Website.
When handling the data of the Individual (such as name, e-mail address), the Data Controller acts in accordance with the legal regulations in force at any time.
Data Controller qualifies under Article 30 (5) of the GDPR and in accordance with 25/L. § of the Info Act, Data Controller does not appoint a data protection officer (DPO), however You may contact us at:
e-mail : email@example.com (My Name) Pursuant to 25/E.-25/F § of the Info Act, Data Controller keeps record of its processing activities which is kept for 10 years.
This Policy is governed and construed in accordance with the laws of Poland, without regard to its conflict of law provisions.
The Data Controller is unilaterally entitled to amend the Policy at any time
- Personal data: any information relating to an identified or identifiable natural person ("Individual" or "Data Subject"); identifies a natural person who, directly or indirectly, in particular by reference to an identifier such as name, number, location, online username or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of an identifiable natural person;
- Data handling: any operation or set of operations on personal data or files, whether automated or non-automated, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- Data processing: the performance of technical tasks related to data handling operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the personal data;
- Data transfer: making the personal data available to a specific third party;
- Disclosure: making the personal data available to any third party;
- Data controller: shall mean the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law. As part of the provision of the Website service, the Data Controller.
- Data processor: means any natural or legal person, public authority, agency or any other body which processes personal data on behalf of Data Controller;
- Individual's consent: a voluntary, specific and duly informed and clear statement of the intention of the Individual is to indicate his or her consent to the processing of personal data concerning him or her by means of a statement or an unequivocal statement of confirmation.
DATA PROCESSORSUsers' personal data is stored on Appwrite servers, which are operated by DigitalOcean. Appwrite and DigitalOcean have their own privacy policies that govern how they collect, use and protect personal information.
Appwrite is a platform for creating and running web applications.
Appwrite stores personal data on its own servers.
- DigitalOcean is a company that provides hosting services.
- DigitalOcean stores personal data on its own servers.
PAYMENT PROCESSORSInformation about the fact that we use third-party payment processors.
- Stripe is a third-party payment processor that allows users to make payments for products or services offered by us.
- Stripe processes users' personal data for the purpose of processing payments, including name, surname, email address, billing address, and credit card number.
- Stripe stores users' personal data on its servers in the United States.
- Stripe uses Standard Contractual Clauses (SCC) as the legal basis for transferring users' personal data to the United States.
- PayPal is a third-party payment processor that allows users to make payments for products or services offered by [your company name].
- PayPal processes users' personal data for the purpose of processing payments, including name, surname, email address, billing address, and credit card number.
- PayPal stores users' personal data on its servers in the United States.
PRINCIPLESData handling and processing must be appropriate to the purpose of the data handling at all stages. Data handling and processing must be fair and lawful. Data handling and processing can only take place to the extent and for the time necessary to achieve the purpose.
In all cases where we request personal data from you, you are free to decide whether to provide the requested information: the data handling and processing shall based on a voluntary, well-informed consent of yours including your consent that Data Controller uses personal data provided on the Website. In case of doubt, it shall be assumed that the Individual has not given his consent.
According to the relevant legal regulations, personal data may be processed if:
- You consented to the processing of your personal data for one or more specific purposes;
- The processing is necessary for the performance your contract or steps are necessary at your request prior to the conclusion of the contract;
- Processing is necessary for compliance with a legal obligation to which the Data controller;
- The processing is necessary in order to protect your vital interests or another natural person;
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data controller;
- Processing is necessary for the protection of the legitimate interests of the Data controller or of a third party, unless those interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where the Individual is a child.
- The data handling and processing shall ensure the accuracy, completeness and, where necessary, the up-to-dateness of the personal data, and that the Individual can only be identified for the time necessary for the purpose of the data handling and processing.
In the sort of data handling and processing, only such personal data may be processed that is essential for the realization of the purpose of data handling and processing and is suitable for achieving the purpose.
The personal data shall be protected by appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, accidental destruction and damage, and loss of access as a result of changes in the technology used.
The Individual may request information or check the content of his / her data at any time during the handling and processing of data, and may at any time, if necessary, request their correction, modification, change, deletion or blocking. The Individual may modify or withdraw her / his consent to data handling and processing at any time.
We share your data with external third parties, that are based outside of the EEA. We may sometimes contract with these third parties to supply certain services. These may include payment processing and marketing. In some cases, those third parties may require access to some or all of your personal data that we hold. The following safeguard[s] is applied to such transfers: We will only store transfer your personal data to countries that the European Commission has deemed to provide an adequate level of personal data protection.
PURPOSE OF DATA HANDLING AND PROCESSINGHandling and processing of personal data is necessary for visiting the Website or for using the Service advertised on the Website for the following purposes:
YOUR RIGHTSYou have the right to receive information from us, as Data Controller, as to whether your personal data is being handled. If we handle your personal data, you will be provided with at least the following information:
- the purpose of the data handling and processing;
- the category of personal data handled and processed;
- the recipients or categories of recipients to whom the personal data have been or will be transferred, including in particular third country recipients or organizations;
- where applicable, the intended period of storage of the personal data or, if this is not possible, the criteria for determining this period;
- the Data Subject's right to request the Data Controller to rectify, delete or restrict the processing of personal data concerning him or her and to object to the processing of such personal data;
- the right to file a complaint with a supervisory authority;
- and, in the case of transfers of personal data of the Data Subject, the legal basis and the recipient of the transfer.
As a Data Controller, I undertake to provide the information in writing at the request of the data subject in an intelligible form as soon as possible after the submission of the request, but no later than within 30 days.
I do not use an automated decision-making process (profiling). I do not supplement or link personal or other data.
Additional rights of the Data Subject in relation to data handling and processing
You can request the correction / supplementation of your personal data without undue delay, if we handle your personal data inaccurately / incompletely ("Right to rectification”).
You can request the deletion of personal data concerning you in full or for certain personal data we handle or process ("Right to Delete"). Under this right, you have the right to irrevocably and permanently delete / anonymize your personal data (and to destroy / anonymize the documents containing your deleted personal data).
You can request a restriction on the handling or the processing of your personal data concerns you by indicating the personal data you want to restrict ("Right to restrict data handling or processing"). Under this right, you have the right to restrict the handling or processing of your personal data if you dispute their accuracy or if, in your opinion, the handling or processing is unlawful;
You can ask us to indicate which recipients I have informed about the correction, deletion or restriction of data handling or processing ("Right to information");
If we handle or process your personal data on the basis of your consent, you may withdraw your consent to the handling or processing of data at any time ("Right to withdraw consent") for the future. We may also handle or process your personal data for the purpose of fulfilling our legal obligation or enforcing my legitimate interest after the withdrawal of your consent, if the enforcement of the interest is proportionate to the restriction of the right to the protection of personal data;
You have the right or the right to receive the personal data provided by you to the data Controller in a structured, widely used machine-readable format. In addition, you have the right to request / a third party with your legal authorization to transfer this data to another Data Controller (if the data processing by the Data Controller is based on your consent or a contract with the Data Controller. ("Right to data portability").
You have the right or the right to object to the handling or processing of your personal data processed on the basis of a legitimate interest ("Right to object").
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held).
All requests should be made in writing and sent to the email or postal addresses shown in Part 1. There is not normally any charge for any such requests. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your request within 21 days and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.