Privacy Policy
I. BASIC TERMS
- Administrator – Adrianna Zielińska Alabasterfox with registered office in Wrocław (53-125), al. Kasztanowa 3A-5, e-mail address: hello@alabasterfox.studio,
- User – any natural person whose personal data is processed by the Administrator,
- Personal data – all information about a natural person identified or identifiable by one or more specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity, as well as device IP, location data, Internet identifier and information collected through cookies and other similar technology,
- RODO – Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation),
- Service – the IT solution located at the web address alabasterfox.studio, which consists, among other things, of a complex of services provided electronically to Users,
- Processing of personal data – any operations performed on personal data, such as collecting, recording, storing, developing, changing, sharing and deleting, especially those performed in computer systems,
- Personal data breach – a breach of security leading to accidental or unlawful destruction, loss, modification, unauthorized disclosure of or unauthorised access to personal data transmitted, stored or otherwise processed.
II. PROCESSING OF PERSONAL DATA AND INFORMATION ON FORMS
- Service User’s personal data may be processed by the Data Administrator in case:a) when Service User gives his/her consent in the forms posted on the Service, in order to take the actions to which the forms refer (art. 6.1.a RODO); b) when processing is necessary for the performance of a contract to which Service User is a party (art. 6.1.b RODO), c) in order to handle complaints – the legal basis for processing is the necessity of processing for the performance of the contract (art. 6.1.b RODO);
d) in order to fulfill a legal obligation incumbent on the Administrator (Article 6(1)(c);
e) for the purpose of possibly establishing and asserting claims or defending against them – the legal basis for processing is the Administrator’s legitimate interest in protecting your rights (Article 6(1)(f) RODO).
f) for the Administrator’s marketing purposes, consisting of informing the User about the current offer and new functionalities of the Service – the legal basis for processing is consent (Article 6(1)(a) RODO), - The Administrator processes Service User’s personal data to the extent necessary for the purposes specified in point 1 above and for the period necessary to achieve those purposes, or until Service User withdraws consent. Failure by a Service User to provide data may, in certain situations, result in the inability to fulfill the purposes for which the data is necessary.
- The Administrator may send electronic letters of a commercial nature, provided that the Service User has given his/her consent.
- The Administrator keeps a record of persons authorized to process them. Persons who have been authorized to process the data are obliged to maintain strict secrecy of the personal data and ways of securing them.
- The Administrator and persons authorized to process such data shall apply technical and organizational measures to ensure the protection of the processed personal data.
- The following personal data of the Service User may be collected by means of the forms provided in the Service or in order to execute contracts possible to be concluded within the Service: name, surname, address, e-mail address, telephone number.
- The data contained in the forms, provided to the Administrator by the Service User, may be transferred by the Administrator to third parties, cooperating with the Administrator in connection with its implementation of the purposes specified in point 1.
- A third party with access to personal data processes them only on the basis of a personal data processing entrustment agreement and only on the Administrator’s instructions.
- Data provided in forms posted on the Website are processed for purposes resulting from the function of the specific form; in addition, they may also be used by the Administrator for archival and statistical purposes. The consent of the data subject is given by unchecking the appropriate box on the form.
- The Service User, where the Service provides for it, by checking the appropriate box in the registration form, may refuse or consent to receive commercial information by means of electronic communication, in accordance with the Act of July 18, 2002 on Providing Services by Electronic Means (Journal of Laws of 2002, No. 144, item 1024, as amended). If the Service User has consented to receive commercial information by means of electronic communication, he/she has the right to revoke such consent at any time. Exercising the right to revoke consent to receive commercial information is accomplished by sending an appropriate request by e-mail to the Administrator’s address, together with the name of the Service User.
- The Administrator processes personal data of Users visiting the Administrator’s profiles maintained on social media (Facebook, Instagram, YouTube, Twitter, Pinterest, Threads). This data is processed in order to inform Users about the Administrator’s activities, offer services, as well as to communicate with Users through tools available on social media. The legal basis for the processing of personal data for this purpose is the legitimate interest of the Administrator (Article 6(1)(f) of the RODO), consisting of promoting its own brand and the services it offers, as well as building and maintaining a brand-related community.
- Within the Service, the Administrator may automatically tailor certain content to the User’s needs, i.e. perform profiling, using the personal data provided by the User. This profiling primarily involves automatically assessing what products the User may be interested in, based on the User’s past online activities, including within the Administrator’s websites, and displaying product advertisements profiled in this manner. The profiling carried out by the Administrator does not result in decisions that produce legal effects towards the User or affect the User in a similarly significant manner.
III. USERS’ RIGHTS
- In accordance with Articles 15 – 22 of the RODO, each User of the Service has the following rights:
- The right to information about the processing of personal data – the person making such a request shall be provided by the Administrator with information about the processing of personal data, the purposes and legal grounds for the processing, the scope of the data held, the entities to which the personal data are disclosed and the planned date for their deletion;
- The right to obtain a copy of the data – the Administrator shall provide a copy of the processed data concerning the person making the request;
- The right to rectification – the Administrator, at the request of the Participant, removes any inconsistencies or errors regarding the processed personal data, and completes or updates them if they are incomplete or have changed;
- The right to erasure – the User may request the erasure of data whose processing is no longer necessary for the fulfillment of any of the purposes for which they were collected;
- The right to restriction of processing – on this basis, the Administrator shall cease performing operations on personal data, with the exception of operations consented to by the data subject and their storage, in accordance with the adopted retention rules, or until the reasons for restriction of data processing cease to exist (e.g., a decision of a supervisory authority authorizing further data processing is issued);
- The right to data portability – on this basis, to the extent that the data are processed in connection with a contract concluded or consent given, the Administrator shall release the data provided by the data subject;
- The right to object to the processing of data for marketing purposes – the data subject may object at any time to the processing of personal data for marketing purposes, without having to justify such objection;
- The right to object to other purposes of processing – the data subject may object to the processing of personal data at any time. An objection in this regard shall contain a justification and shall be subject to review by the Controller;
- The right to withdraw consent – if the data is processed on the basis of consent, the data subject has the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before the withdrawal of that consent;
- The right to complain – if the processing of personal data is deemed to violate the provisions of the RODO or other data protection laws, the data subject may file a complaint with the supervisory authority.
- A request for the exercise of the rights of data subjects, can be submitted:
- in writing to the address: Adrianna Zielińska Alabasterfox with its registered office in Wrocław (53-125), al. Kasztanowa 3A-5;
- by e-mail to: hello@alabasterfox.studio
- Applications will be responded to within one month of receipt. If it is necessary to extend this deadline, the Administrator will inform the applicant of the reasons for such extension.
- The response will be provided to the e-mail address from which the application was sent, and in the case of applications sent by letter, by registered mail to the address indicated by the applicant, unless the content of the letter indicates a desire to receive feedback to the e-mail address (in which case the e-mail address must be provided).
IV. COOKIES AND SIMILAR TECHNOLOGY
- The Website uses cookies.
- Cookies are IT data, in particular text files, which are stored in the Service User’s terminal equipment and are intended for use on the Website. Cookies usually contain the name of the website they come from, the time they are stored on the terminal equipment and a unique number.
- The entity placing cookies on the Service User’s terminal equipment and accessing them is the Administrator.
- Cookies are used for, among other purposes:
- creating statistics that help to understand how Service Users use the websites;
- maintaining a session of the site user (after logging in), thanks to which the User does not have to re-enter his/her login and password on each sub-page of the site;
- determining the profile of a User in order to display him/her customized materials in advertising networks, in particular the Google network.
- The Website uses two main types of cookies: “session” (session cookies) and “permanent” (persistent cookies). “Session” cookies are temporary files that are stored on the User’s terminal equipment until the User logs out, leaves the website or shuts down the software (web browser). “Permanent” cookies are stored on the User’s end device for the time specified in the parameters of the cookies or until they are deleted by the User.
- Web browsing software (Internet browser) usually allows the storage of cookies on the User’s terminal device by default. Users of the. Website may change their settings in this regard. The web browser makes it possible to delete cookies. It is also possible to automatically block cookies Detailed information on this subject is contained in the help or documentation of the Internet browser.
- Restrictions on the use of cookies may affect some of the functionalities available on the Website.
- To collect statistics, the Administrator uses the Google Analytics product, thus the data of the User visiting the Website will be received by Google, 1600 Amphitheatre Parkway Mountain View, CA 94043 United States. Google is certified in the Privacy Shield program. As part of the agreement between the United States and the European Commission, the latter has stated an adequate level of data protection for companies certified by Privacy Shield. It is possible to block Google Analytics from accessing your data after you install a plug-in in your browser, located at the following link: https://tools.google.com/dlpage/gaoptout/. If you are interested in the details related to Google Analytics data processing, we encourage you to read the explanations prepared by Google: https://policies.google.com/privacy?hl=pl.
- The Administrator also uses marketing tools available on Facebook and provided by Meta Platforms Ireland Limited, registered office: 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland. Within the framework of these tools, Facebook ads are targeted. Activities in this regard are carried out on the basis of legitimate interest in the form of marketing of our own products or services. In order to target ads personalized for the behavior of Users visiting the alabasterfox.studio website, a Facebook Pixel has been implemented on it, which automatically collects information about the use of the Website. The information collected in this way is mostly transmitted to a Facebook server in the United States and stored there. The information collected as part of the Facebook Pixel is anonymous, i.e. it does not identify the User. The administrator is only informed of what actions the User has taken within its page. However, Facebook may combine this information with other information about the User collected as part of the User’s use of Facebook and use it for its own purposes, including marketing. Such activities of Facebook are no longer dependent on the Administrator, and information about them is described in Facebook’s privacy policy: https://www.facebook.com/privacy/explanation. From your Facebook account, you can also manage your privacy settings. Facebook Inc. is headquartered in the USA and uses technical infrastructure located in the USA. In order to ensure an adequate level of data protection required by European regulations, Facebook has joined the EU-US-Privacy Shield program. As part of the agreement between the US and the European Commission, the latter has determined an adequate level of data protection for companies certified by Privacy Shield.
- In order to provide Users with additional information, the alabasterfox.studio website contains links to websites administered by entities independent of the Administrator, i.e. Facebook, Instagram, Twitter, Pinterest, Threads or YouTube. Separate privacy clauses or policies may apply there. The Administrator encourages you to review with their content.
- With respect to any websites linked to the Service that are not owned or controlled by the Administrator, the Administrator assumes no responsibility for their content or the privacy policies applicable to Users. When displaying a web page containing such a link, the User’s browser will establish a direct connection to the servers of the administrators of social networks (service providers). The content of the plug-in is transmitted by the respective service provider directly to the User’s browser and integrated into the page. Thanks to this integration, the service providers receive information that the User’s browser has displayed the Administrator’s page, even if the User does not have a profile with the given service provider or is not logged in with it at the moment. Such information (along with the IP address) is sent by the User’s browser directly to the provider’s server (some servers are located in the USA) and stored there. If the User has logged into one of the social networks, this service provider will be able to directly attribute the visit to the Administrator’s website to the User’s profile on the given social network. If the User uses a given plug-in, for example, by clicking on the “Like” or “Share” button, the corresponding information will also be sent directly to the server of the given service provider and stored there. In addition, the information will be published in the respective social network and will appear to the people added as contacts of the User. The purpose and scope of data collection and its further processing and use by the service providers, as well as the possibility of contacting and the User’s rights in this regard and the possibility to make settings to ensure privacy protection are described in the privacy policies of the respective service providers.
- If the User does not want social networks to attribute the data collected during visits to the Administrator’s website directly to the User’s profile on a particular service, the User should log out of that service before visiting it. The User can also completely prevent the loading of plug-ins on the site by using appropriate extensions for his/her browser, such as blocking scripts.
V. SERVER LOGS
- Use of the site involves sending queries to the server on which the site is stored. Each request made to the server is recorded in the server logs.
- The logs include, among other things, the User’s IP address, the date and time of the server, information about the Internet browser and the operating system used. Logs are saved and stored on the server.
- The data stored in the server logs are not associated with specific persons using the site and are not used by the Administrator to identify the User.
- Server logs are only auxiliary material used to administer the site, and their contents are not disclosed to anyone except those authorized to administer the server.
VI. FINAL PROVISIONS
- The Privacy Policy is reviewed on an ongoing basis and updated as necessary.
- The current version of the Privacy Policy has been adopted and is effective as of 23/10/2023.