1. The Administrator of Personal Data on the website at: choicecoaching.eu, hereinafter referred to as the Website, is Aleksandra Dziąciołowska-Piątek conducting business activity under the name CC Aleksandra Dzięciołowska-Piątek with its registered office at: ul. Poziomkowa 17, 62-052 Komorniki, Poland entered into the Central Registration and Information on Business; REGON (National Business Registry Number): 388213034; NIP (Taxpayer’s Identification Number): 6351201158.
2. Respecting your rights as subjects of personal data (data subjects) and respecting applicable law, including in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of physical persons in connection with the processing of personal data and on the free flow of such data and the repeal of Directive 95/46 / EC (general regulation on data protection), hereinafter referred to as GDPR, the Act of May 10, 2018 on the protection of personal data (Journal of Laws, item 1000, hereinafter referred to as the Act) and other relevant regulations on the protection of personal data, we undertake to maintain the security and confidentiality of personal data obtained from you. All employees have been properly trained in the processing of personal data, and our company, as the Personal Data Administrator, has implemented appropriate security and technical and organizational measures to ensure the highest level of personal data protection. We have implemented procedures and policies for the protection of personal data in accordance with the GDPR, thanks to which we ensure compliance with the law and reliability of data processing processes, as well as the enforceability of all your rights as data subjects. Additionally, if necessary, we cooperate with the supervisory authority in the territory of the Republic of Poland, i.e. with the Chairman of the Personal Data Protection Office (hereinafter referred to as PUODO).
3. All inquiries, requests, complaints regarding the processing of personal data by our company (Personal Data Administrator), hereinafter referred to as Notifications, should be sent to the following e-mail address: firstname.lastname@example.org or in writing to the following address of the Administrator: ul. Poziomkowa 17, 62-052 Komorniki.
4. The content of the Application should clearly indicate:
a) data of the person or persons to whom the Application refers,
b) the event that is the reason for the Report,
c) present your requests and the legal basis for these requests,
d) indicate the expected way of addressing the matter.
5. We collect the following personal data on our Website:
a) name and surname – such data may be processed when, as users of our website (including clients or potential clients), you provide us with your name and surname via e-mail, the contact form available on our website, traditional mail or by telephone contact in order to use the offer of our website and in order to provide our services to you,
b) e-mail address – which may be processed when, while as users of our Website (including customers or potential customers), you provide us with your e-mail address through contact via e-mail or the contact form available on our Website, as well as by traditional mail or by telephone; via e-mail we send you confirmation of the services you will use, while we contact you if there is such a need related to the services provided, while we answer questions related to the offer of our website, and we send a newsletter with information about services and events related to our business.
c) NIP – we collect the tax identification number from entrepreneurs and persons who request an invoice and have a NIP number/VAT Number.
d) device IP address – information resulting from the general principles of Internet connections, such as the IP address (and other information contained in systems logs) are used for technical purposes. Yet, IP addresses may also be used for statistical purposes, in particular to collect general demographic information (e.g. about the region from which the connection is made),
e) possibly other data may be collected as part of carrying out specific matters or may be provided by you as a user of our Website (as a customer or a potential customer) via e-mail, via the contact form available on the Website, traditional mail or by contact telephone.
6. Providing the data indicated in the point above is necessary in the cases indicated thre, in particular in order to contact us via the contact form or sign a contract with us.
9. In accordance with the principle of minimization, we process only the categories of personal data that are necessary to achieve the goals referred to in points 5 and 6 above.
10. We process personal data for the time necessary to achieve the goals listed in points 5 and 6 above. Personal data may be processed for a longer period than indicated in the preceding sentence, if such a right or obligation imposed on the Personal Data Administrator results from generally applicable law or if the service we provide is continuous.
11. The source of the Personal Data processed by the Administrator are the data owners.
12. The legal basis for the processing of your personal data is primarily:
a) Art. 6 sec. 1 letter b of GDPR, i.e. necessity to perform a contract to which you are a party or to take action at your request before concluding the contract,
b) art. 6 sec. 1 letter f of GDPR, i.e. the legitimate interest of the Administrator, which is the determination, investigation or defense of claims until their expiry or until the completion of the relevant proceedings, if they were initiated within this period,
c) art. 6 sec. 1 lit. a GDPR, i.e. your consent to the processing of personal data for specific purposes, when other legal grounds for the processing of personal data do not apply.
13. Your personal data is not transferred to a third country or an international organization within the meaning of the regulations of the GDPR. In the event that personal data are transferred to a third country or an international organization, you will be informed in advance and the Administrator will apply the safeguards referred to in Chapter V of the GDPR.
14. We do not disclose any personal data to third parties without the consent of the data owner. Personal data without the consent of the data owner may be made available only to public law entities, i.e. authorities and administration (e.g. tax authorities, law enforcement authorities and other entities authorized by generally applicable law).
15. Personal data may be entrusted for made available to entities processing such data for our company as the Personal Data Administrator. In such a situation, as the Personal Data Administrator, we conclude an agreement to entrust the processing of personal data with the processor. The processing entity processes the entrusted personal data, but only for the purposes, to the extent and for the purposes indicated in the entrustment agreement referred to in the preceding sentence. Without entrusting your personal data for processing, we would not be able to conduct our business on the Website.
16. Personal data is not subject to profiling by the Personal Data Administrator.
17. In accordance with the rules of the GDPR, each person whose personal data we process as the Personal Data Administrator has the right to:
a) be informed about the processing of personal data referred to in art. 12 GDPR – the Administrator is obliged to provide you, as the persons whose data will be processed, information specified in the GDPR (among others your data, DPO contact details, purposes and legal grounds for the processing of personal data, recipients or categories of recipients of personal data, if they exist; or about the period during which the data will be processed; or the criteria for determining this period); this obligation should be fulfilled already at the time of data collection (i.e. when the customer places an order in an online store), and if the data is not obtained from the data subject, but from another source – within a reasonable time, depending on the circumstances; The administrator may refrain from providing this information if the data subject already possesses it,
b) access to their personal data, as referred to in art. 15 GDPR – by providing us with your personal data, you have the right to view and access them; however, this does not mean that you have the right to access all documents on which your data appears, as they may contain confidential information; However, you have the right to information about your data and for what purpose we process the data; and the right to obtain a copy of your personal data. The first copy is issued free of charge, and for each subsequent copy, in accordance with the regulations of the GDPR, we charge an appropriate administrative fee corresponding to the cost of making a copy,
c) correcting, supplementing, updating, rectifying personal data referred to in art. 16 GDPR – if your personal data has changed, please inform us as the Personal Data Administrator about this fact so that the data we have is consistent with the actual state and up to date; also in a situation where there has been no change of personal data, but for any reasons the data is incorrect or has been recorded incorrectly (e.g. due to a typing error), please inform us in order to correct or rectify such data,
d) deletion of data (the right to be forgotten), referred to in art. 17 GDPR – in other words, you have the right to request “deletion” of data held by us as the Personal Data Administrator and the right to contact us as the Personal Data Administrator so that we inform other administrators to whom we have provided your data about the need to delete it. You may request the deletion of your personal data primarily when:
• the purposes for which the personal data have been collected have been achieved,
• the basis for the processing of your personal data was only consent, which was then withdrawn and there are no other legal grounds for further processing of your personal data,
• you have raised an objection pursuant to Art. 21 GDPR and you believe that we do not have any overriding legal grounds for further processing of your personal data,
• your personal data has been processed unlawfully, i.e. for unlawful purposes or without any basis for the processing of personal data – please remember that in this case you must have a basis for your request,
• the need to delete your personal data results from legal regulations,
• personal data relates to a minor and was collected in connection with the provision of information society services,
e) restriction of processing referred to in art. 18 GDPR – you can contact our company with a request to limit the processing of your personal data (which would mean that until the dispute is resolved, our company would primarily only store it), if:
• you contest the accuracy of your personal data, or
• you believe that we process your data without a legal basis, but at the same time you do not want us to delete this personal data (i.e. you do not use the right referred to in the preceding letter), or
• you have lodged an objection referred to in subpoint (f) of point 17, or
• your personal data is needed to establish, assert or defend claims, e.g. in court,
f) transfer the data referred to in art. 20 GDPR – you have the right to obtain your data in a format that allows the data to be read on a computer and the right to send this data in such a format to another administrator; you have this right only if the basis for the processing of your data was your consent or the data was processed automatically
g) object to the processing of personal data, as referred to in art. 21 GDPR – you have the right to object if you do not consent to our processing of personal data that we have processed so far for legitimate purposes in accordance with the law; in particular, the right to object to the processing of your personal data for direct marketing purposes,
h) not being subject to profiling referred to in Art. 22 in connection with art. 4 point 4 of the GDPR – on our website you will not be subject to automated decision making or profiling within the meaning of the GDPR, unless you consent to it; additionally, we will always inform you about profiling, if it should take place,
i) making a complaint to the supervisory body (i.e. to the President of the Personal Data Protection Office) referred to in art. 77 GDPR – if you believe that we are processing your personal data unlawfully or in any way violate the rights resulting from the generally applicable regulations of law in the field of personal data protection.
18. With regard to the right to delete data (the right to be forgotten), we would like to point out that in accordance with the regulations of the GDPR, you do not have the right to exercise this right if:
a) the processing of your personal data is necessary to exercise the right to freedom of expression and information, e.g. if you have posted your data on a blog, in comments, etc.,
b) the processing of personal data is necessary for our company to comply with legal obligations resulting from the rules – we cannot delete your data for the period necessary to comply with the obligations (e.g. tax) that are imposed on us by law,
c) the processing of your data is carried out for the purposes of investigating, establishing or defending claims.
19. If you want to exercise your rights referred to in point 17, please send a message by e-mail to the e-mail address or in writing to the correspondence address referred to in point 3 above.
20. Each identified security breach is documented, and in the event of one of the situations specified in the regulations of the GDPR or the Act, the data subjects are informed about such a breach of the rules on the protection of personal data, and – if applicable – PUODO.