Mokotów
Wola
Center
Płock

Make an appointment online:

Mokotów | Wola | Center| Płock

Privacy policy

This policy describes the rules and principles for the processing and protection of personal data processed under Bondar Svitlana Anna ul. Żaryna 5/43 Warszawa 02-593 NIP: 5262535590

The policy was developed based on the requirements contained in:

  • Regulation of the European Parliament and of the Council / EU / 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC / Dz. Of UE.L No. 119, hereinafter: “GDPR”,
  • Act of 10 May 2018 on the protection of personal data (Journal of Laws of 2018, no. item 1000) . ‍

Chapter I

General

§1

The purpose of this policy is to obtain an optimal and compliant with the requirements of applicable legal acts, the method of processing information containing personal data, including ensuring the protection of personal data against all kinds of threats, both internal and external, conscious or unconscious.

§2

This policy has been implemented in relation to the content of art. 24 sec. 2 GDPR as evidence of exercising due diligence in the field of personal data protection.

§ 3

Personal data protection is achieved through physical and organizational security, system software, applications and the users themselves.

§ 4

  1. Maintaining the security of the processed personal data is understood as ensuring their confidentiality, integrity, accountability and availability at an appropriate level. The measure of security is the size of the risk related to the protection of personal data.
  2. The safeguards used are to achieve the above objectives and ensure:
  1. data confidentiality – understood as a property ensuring that data is not disclosed to unauthorized persons,
  2. data integrity – understood as a property that ensures that personal data has not been changed or destroyed in an unauthorized way,
  3. data accountability – understood as a property ensuring that the actions of a person can be uniquely attributed only to that person,
  4. system integrity – understood as system integrity, impossibility of any manipulation, both intentional and accidental,
  5. availability of information – understood as ensuring that authorized persons have access to information and related resources when it is needed,
  6. risk management – understood as the process of identifying, controlling and minimizing or eliminating security risks that may relate to information systems used to process personal data.

§ 5

  1. The administrator of personal data is Bondar Svitlana Anna ul. Żaryna 5/43 Warszawa 02-593 NIP: 5262535590 biuro@spa43.pl
  2. The personal data administrator did not consciously appoint a personal data protection officer, stating that he was not obliged to do so pursuant to Art. 37 GDPR.
  3. The personal data administrator has not appointed an IT system administrator and performs all his duties independently.

Chapter II

Scope of application

§ 6

The security policy contains information on the implemented technical and organizational safeguards ensuring protection of personal data processed.

§ 7

The security policy applies in particular to:

  1. personal data processed in paper form,
  2. personal data processed in IT systems,
  3. information on the protection of personal data, including in particular account names and passwords in personal data processing systems,
  4. register of persons authorized to process personal data,
  5. other documents containing personal data.

§8

  1. The scope of personal data protection specified in this policy applies to IT systems in which personal data are processed, and in particular to:
  2. all existing, currently implemented or in the future IT systems, in which personal data subject to protection are processed,
  3. of all locations – buildings and rooms where information to be protected is or will be processed,
  4. all employees, contractors, contractors for specific specific work contracts, contractors for service contracts, apprentices, trainees and other persons with access to the protected information.
  5. All employees, contractors, contractors for specific work contracts, contractors for the provision of services, apprentices, trainees and other persons who have access to protected information are obliged to apply the principles set out in the Security Policy.
  6. The security policy does not apply to external entities that process personal data entrusted to them for processing by the administrator of personal data on the basis of relevant entrustment agreements. These entities apply their own procedures and security measures related to the protection of personal data required by law, to which they have committed themselves under concluded contracts for entrusting the processing of personal data.

Chapter III

Description of the personal data administrator’s activity, area of ​​personal data processing and equipment used to process personal data

§9

  1. The personal data administrator runs a business and therefore personal data is processed.
  2. Personal data is processed both in electronic and paper form.

§ 10

  1. Personal data processed from anywhere and at any time, because the processing is carried out using computers and other mobile devices. Moreover, the processing takes place within the framework of IT systems installed locally on computers and those that are accessed on-line, and these systems are not installed locally on computers.
  2. As the personal data administrator entrusts the processing of personal data to third parties, the processing of personal data takes place in various locations, but in this respect the processing activities are performed by a third party or possibly entities authorized by it. The personal data administrator does not have detailed knowledge of the locations within which the data processing takes place by the entities entrusted with the processing of personal data, but these entities have committed themselves to applying appropriate measures for the protection and security of personal data required by law.

§ 11

  1. Personal data is processed using laptops and smartphones.
  2. Data processing with the use of the above-mentioned devices consists in logging into the systems in which personal data are processed. Data is also stored on computer disks.

Chapter IV

Technical and organizational measures for data security

§ 12

  1. Organizational and technical safeguards have been introduced to ensure an adequate level of personal data protection.
  2. Organizational security:
  1. a personal data protection policy has been developed and implemented,
  2. only persons authorized by the personal data administrator to process personal data,
  3. persons employed in the processing of data are familiar with the provisions on the protection of personal data and in the field of IT system security,
  4. persons employed in the processing of personal data were obliged to keep them secret,
  5. personal data are processed in conditions securing the data against unauthorized access,
  6. personal data in paper form is kept in a closed, non-metallic cabinet,
  7. documents containing personal data are destroyed with the use of shredders after the expiry of their usefulness,
  8. the location where the personal data files are stored in paper form is secured in the event of fire by equipping the room with fire extinguishers,
  9. backups / archives of the personal data file are kept in a closed non-metallic cabinet.
  1. Technical security:
  1. a Firewall system was used to protect access to the computer network,
  2. anti-malware measures have been taken,
  3. authentication using the user ID and password was used to access the data set,
  4. a hardware (license) key was used to access the dataset.
  5. authentication with user ID and password was used at computer operating system startup,
  6. measures were taken to define access rights to the indicated scope of data within the processed set of personal data,
  1. The above-mentioned technical and organizational data security measures apply only to measures implemented directly by the personal data controller. To the extent that the administrator of personal data entrusted the processing of personal data to other entities, these entities undertook to maintain appropriate personal data protection measures required by law.

Chapter V

Tasks of the personal data administrator and IT system administrator

§ 13

  1. The most important duties of the personal data controller include:
  1. organization of security and protection of personal data in accordance with the requirements of applicable law,
  2. ensuring data processing in accordance with the provisions of this policy,
  3. keeping records of persons authorized to process personal data,
  4. supervision over the security of personal data,
  5. initiating and undertaking projects to improve the protection of personal data,
  1. Each user, with the exception of the personal data administrator, before being allowed to work with an IT system processing personal data or personal data files in a paper version, should undergo training in the field of personal data protection in electronic and paper files.

§ 14

  1. The administrator of the IT system is a person defined by the administrator of personal data. The IT system administrator is appointed in writing. If the IT system administrator is not appointed, his tasks are performed by the personal data administrator. The IT system administrator is responsible for:
  1. ongoing monitoring and ensuring the continuity of computers and other devices used to process personal data and operating systems,
  2. configuration and administration of system, network and data protection software against unauthorized access,
  3. counteracting attempts to breach information security,
  4. granting, at the request of the personal data administrator, strictly defined access rights to information in a given system,
  1. The work of the IT system administrator is supervised by the personal data administrator, unless the personal data administrator has not appointed an IT system administrator – then his tasks are performed by the personal data administrator himself.

Chapter VI

Personal data breach notification and notification

§15

  1. Any breach of personal data protection should be immediately reported by users to the personal data controller.
  2. In the event of a breach of personal data protection, the data controller is obliged to report this fact to the supervisory authority in accordance with the provisions of Art. 33 GDPR and notification of the data subject, in accordance with the provisions of Art. 34 GDPR.
  3. Complaints may be submitted by e-mail to the following address: biuro@spa43.pl and by post to the following address: SPA 43 ul. Żaryna 5 lok. 43 Warsaw 02-593

Chapter VII

Final Provisions

§16

  1. The personal data controller is required to read this policy for each user.
  2. Users are required to apply the provisions of this policy when processing personal data.
  3. The template for information on the processing of personal data regarding individual contacts via the website, as well as the template for information provided to Participants / Representatives in connection with the conclusion of the contract, shall be as follows:

I. Information Clause regarding the processing of personal data in connection with individual contact:

We hereby inform you that we process your personal data provided to us in connection with e-mail or telephone contact, in accordance with the provisions of the Regulation of the European Parliament and of the Council / EU / 2016 / 679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC / Dz. Of UE.L No. 119 (GDPR), as well as the relevant provisions of Polish law.

These data are provided to us by sending us an e-mail, including via the contact form, leaving a request for telephone contact or directing an inquiry via any other communication channel .

These data are processed for the purpose of return contact and possible archiving of correspondence.

Details are below:

Personal Data Administrator

The administrator of your personal data is Bondar Svitlana Anna ul. Żaryna 5/43 Warszawa 02-593 NIP: 5262535590

Purposes and basics of processing

The data is processed for the following purposes:

      ( Article 6 (1) (b) of the GDPR),

 

  • archiving of incoming and outgoing correspondence in case of the need to prove its progress, which is our legitimate interest (Article 6 (1) (f) of the GDPR),
  • if our contact results in establishing cooperation, the data will then be processed in order to conclude and perform the contract (if this happens, the information obligation will be carried out separately for the purposes of further cooperation).

Data retention period

Your data will be processed until communication with us is completed. After this period, they may be removed, but may also be archived, if we believe that the course of communication justifies such archiving, e.g. due to the need to prove this course in the future, until any claims due to the administrator and in relation to him are time-barred. If our contact leads to establishing cooperation, the data will then be processed in order to conclude and perform the contract (if this happens, the information obligation will be carried out separately for the purposes of further cooperation).

Processing Privileges

In connection with the processing of personal data, you have the following rights:

  • the right to access your data and receive a copy of it (Article 15 of the GDPR),
  • the right to rectify (correct) your data (Article 16 of the GDPR),
  • the right to delete data (if, in your opinion, there are no grounds for us to process your data, you may request that we delete it (Article 17 of the GDPR),
  • the right to limit data processing (you may request that we limit the processing of data only to their storage or performance of activities agreed with you, if we have incorrect data or process it unreasonably (Article 18 of the GDPR), </ li >
  • the right to object to the processing of data (you have the right to object to the processing of data on the basis of a legitimate interest; you should indicate to us your special situation, which in your opinion justifies the cessation of the processing covered by We will cease to process your data for these purposes, unless we prove that the grounds for data processing override your rights or that your data is necessary for us to establish, assert or defend claims (Art. 21 GDPR),
  • the right to lodge a complaint with a supervisory authority (if you find that we are processing data unlawfully, you may submit a complaint to the President of the Personal Data Protection Office or another competent supervisory authority).

In order to exercise your rights, please send your request to the e-mail address biuro@spa43.pl

Information about the requirement / voluntary nature of the data provided

Providing your data is a condition for contacting us.

II. Information Clause on the processing of personal data and cookies for website users:

Good morning!

If you are here, it is a sure sign that you value your privacy. We understand it perfectly, that’s why we have prepared this document for you, in which you will find the rules for the processing of personal data and the use of cookies in connection with the use of the website https://www.spa43.pl/

Formal information to start with – the site administrator is Bondar Svitlana Anna ul. Żaryna 5/43 Warszawa 02-593 NIP: 5262535590 In case of any doubts related to the privacy policy, you can contact us at any time by sending a message to the following address: biuro @ spa43 .pl

Highlights:

We care about your privacy, but also about your time. That is why we have prepared for you a shortened version of the most important rules related to privacy protection.

  • By contacting us, you provide us with your personal data, and we guarantee that your data will remain confidential, secure and will not be disclosed to any third parties without your express consent.
  • We entrust the processing of personal data only to verified and trusted entities providing services related to the processing of personal data.
  • We use Google Analytics analytical tools that collect information about your website visits, such as the subpages you have displayed, the time you spent on the website or the transitions between individual subpages. For this purpose, Google LLC cookies are used for the Google Analytics service. As part of the mechanism for managing cookie settings, you have the option to decide whether we will also be able to use marketing functions as part of the Google Analytics service or not.
  • We use marketing tools such as Facebook Pixel to target ads to you. This is related to the use of Facebook cookies. As part of the cookie settings, you can decide whether you consent to our use of Facebook Pixel in your case or not.
  • We use Google AdWords remarketing tools. This is related to the use of Google LLC cookies for the Google AdWords service. As part of the mechanism for managing cookie settings, you have the option to decide whether we will be able to use Google AdWords in your case or not.
  • We belong to the Google AdSense advertising network. This is related to the use of Google LLC cookies for the Google AdSense service. As part of the mechanism for managing cookie settings, you have the option to decide whether we will be able to use personalized Google AdSense ads in your case or not.
  • We place videos from YouTube on the website. When you play such recordings, Google LLC cookies are used for the YouTube service.
  • We provide the ability to use social functions, such as sharing content on social networks and subscribing to a social profile. The use of these functions involves the use of cookies of social network administrators such as Facebook, Instagram, YouTube, Twitter, Google+, LinkedIN.
  • We use our own cookies for the proper functioning of the website.

If the above information is not sufficient for you, you will find further details below.

Personal Information

Administrator of your personal data within the meaning of the provisions on the protection of personal data is Bondar Svitlana Anna ul. Żaryna 5/43 Warszawa 02-593 NIP: 5262535590 biuro@spa43.pl

Purposes, legal bases and period of personal data processing are indicated separately for each purpose of data processing (see description of individual purposes of personal data processing below) .

Permissions . GDPR (Regulation of the European Parliament and of the Council / EU / 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC / Journal UE.L No. 119), grants you the following potential rights related to the processing of your personal data:

  • the right to access personal data (Article 15 of the GDPR),
  • the right to rectify personal data (Article 16 of the GDPR),
  • the right to delete personal data (Article 17 of the GDPR),
  • the right to limit the processing of personal data (Article 18 of the GDPR),
  • the right to object to the processing of personal data (Article 21 of the GDPR),
  • the right to data portability (Article 20 GDPR),
  • the right to lodge a complaint with a supervisory authority,
  • the right to withdraw consent to the processing of personal data, if you have given such consent (Article 7 of the GDPR).

The rules related to the implementation of the indicated rights are described in detail in Art. 15 – 21 GDPR. We encourage you to familiarize yourself with these regulations. For our part, we consider it necessary to explain to you that the above-mentioned rights are not absolute and you will not be entitled to all activities of processing your personal data. For your convenience, we have made every effort to indicate the rights you are entitled to as part of the description of individual personal data processing operations.

We emphasize that you always have one of the rights indicated above – if you believe that we have breached the provisions on the protection of personal data while processing your personal data, you have the option to lodge a complaint with the supervisory authority (President of the Personal Data Protection Office).

You can always ask us to provide you with information about what data we have about you and for what purposes we process it. All you need to do is send a message to the address biuro@spa43.pl However, we have made every effort to ensure that the information you are interested in is comprehensively presented in this privacy policy. You can also use the e-mail address provided above if you have any questions related to the processing of your personal data.

Security . We guarantee the confidentiality of all personal data provided to us. We ensure that all security and personal data protection measures required by the provisions on the protection of personal data are taken. Personal data is collected with due diligence and properly protected against access by unauthorized persons.

Entrust List . We entrust the processing of personal data to the following entities:

  • no entities

Purposes and processing steps

Email contact . By contacting us via e-mail, including sending an inquiry via the contact form, you naturally provide us with your e-mail address as the sender’s address. In addition, you can also include other personal data in the text of the message.

In this case, your data is processed in order to contact you, and the basis for processing is Art. 6 sec. 1 lit. b) GDPR, i.e. taking action at the request of the data subject before signing the contract. The legal basis for processing after the end of contact is the justified purpose of archiving correspondence for internal purposes (Article 6 (1) (c) of the GDPR).

The content of the correspondence may be archived until the expiry of the prescription of any of the parties. You have the right to request a history of correspondence with us (if it was subject to archiving), as well as request its removal, unless its archiving is justified due to our overriding interests, e.g. defense against potential claims on your part.

Cookies and other tracking technologies. Our website, like almost all other websites, uses cookies to provide you with the best user experience.

Cookies are small text information stored on your end device (e.g. computer, tablet, smartphone) that can be read by our ICT system.

Cookies can be divided into own cookies and third party cookies.

See below for more details.

Cookie consent . During the first visit to the website, you are shown information about the use of cookies along with a question about consent to the use of cookies. Thanks to a special tool, you can manage cookies from the website level. In addition, you can always change cookie settings from your browser or delete cookies altogether. Remember, however, that disabling cookies may cause difficulties in using the website, as well as from many other websites that use cookies.

Third party cookies . Our website, like most modern websites, uses functions provided by third parties, which involves the use of cookies from third parties. The use of such cookies is described below.

Analytics and Statistics . We use cookies to track website statistics, such as the number of visitors, type of operating system and web browser used to browse the website, time spent on the website, subpages visited, etc. We use Google Analytics in this regard, which involves the use of Google LLC cookies. As part of the mechanism for managing cookie settings, you have the option to decide whether we will also be able to use marketing functions as part of the Google Analytics service or not.

As part of the cookie settings, you can decide whether you consent to our use of HotJar tracking or not.

Marketing . We use marketing tools such as Facebook Pixel to target ads to you. This is related to the use of Facebook cookies. As part of the cookie settings, you can decide whether you consent to our use of Facebook Pixel in your case or not.

We use Google AdWords remarketing tools. This is related to the use of Google LLC cookies for the Google AdWords service. As part of the mechanism for managing cookie settings, you have the option to decide whether we will be able to use Google AdWords in your case or not.

We belong to the Google AdSense advertising network. This is related to the use of Google LLC cookies for the Google AdSense service. As part of the mechanism for managing cookie settings, you have the option to decide whether we will be able to use personalized Google AdSense ads in your case or not.

Social Tools . We provide the opportunity to use social functions, such as sharing content on social networks and subscribing to a social profile. The use of these functions involves the use of cookies of social network administrators such as Facebook, Instagram, YouTube, Twitter, Google+, LinkedIN.

We put videos from YouTube on the page. When you play such recordings, Google LLC cookies are used for the YouTube service.

Server logs. Using the website involves sending queries to the server on which the website is stored. Each query directed to the server is saved in the server logs. Logs include Your IP address, server date and time, information about the web browser and operating system you use. Logs are saved and stored on the server. The data stored in the server logs are not associated with specific people using the website and are not used by us to identify you. The server logs are only auxiliary material used to administer the website, and their content is not disclosed to anyone except those authorized to administer the server.

III. Information Clause regarding the processing of personal data in connection with the conclusion of the contract:

We hereby inform you that we process your personal data provided to us in connection with the conclusion of the contract, in accordance with the provisions of Regulation / EU / 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC / Dz. Of UE.L No. 119 (GDPR), as well as the relevant provisions of Polish law.

Personal Data Administrator

The administrator of your personal data is Bondar Svitlana Anna ul. Żaryna 5/43 Warszawa 02-593 NIP: 5262535590

Purposes and basics of processing

The data is processed for the following purposes:

  • performance of the concluded contract, in particular for the purpose of contacting the Participant or his Representative (Article 6 (1) (b) of the GDPR),
  • archiving of documentation, which is our legitimate interest (Article 6 (1) (f) of the GDPR),
  • and in the case of free classes, also for the performance of a task carried out in the public interest, in particular the possible verification by the relevant authorities of the right to participate in classes (Article 6 (1) (e) of the GDPR)

Data retention period

Your data will be processed until the end of the contract. After this period, they may be removed, but may also be archived, if we believe that the performance of the contract justifies such archiving, e.g. due to the need to prove it in the future, until any claims due to the administrator and in relation to him are time-barred.

Processing Privileges

In connection with the processing of personal data, you have the following rights:

  • the right to access your data and receive a copy of it (Article 15 of the GDPR),
  • the right to rectify (correct) your data (Article 16 of the GDPR),
  • the right to limit data processing (you may request that we limit the processing of data only to their storage or performance of activities agreed with you, if we have incorrect data or process it unreasonably (Article 18 of the GDPR),
  • the right to object to the processing of data (you have the right to object to the processing of data on the basis of a legitimate interest; you should indicate to us your special situation, which in your opinion justifies the cessation of the processing covered by We will cease to process your data for these purposes, unless we prove that the grounds for data processing override your rights or that your data is necessary for us to establish, assert or defend claims (Art. 21 GDPR),
  • the right to lodge a complaint with a supervisory authority (if you find that we are processing data unlawfully, you may submit a complaint to the President of the Personal Data Protection Office or another competent supervisory authority).

In order to exercise your rights, please send your request to the e-mail address biuro@spa43.pl

Information about the requirement / voluntary nature of the data provided

Providing your data is a condition for signing a contract with us