Privacy policy

The privacy policy describes how we process information about you, including personal data and cookies.

I. DEFINITIONS

  1. Personal data administrator, Administrator Marzena Kęska operating under the business name MANU Marzena Kęska in Mszana Dolna, Leśna 1, 34-730 Mszana Dolna, Tax Identification Number (NIP): 6812067500.
  2. Personal data – all information about a natural person identified or identifiable by one or more factors specific to physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, internet identifier and information collected through cookies or other similar technology.
  3. Policy – this Privacy Policy.
  4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
  5. Website – the website maintained by the Administrator at https://manuonline.pl/;
  6. User – any natural person visiting the Site or using one or more of the services or functionalities described in the Policy.

II. DATA PROCESSING IN RELATION TO THE USE OF THE WEBSITE

In connection to the User’s use of the Website, the Administrator collects data to the extent necessary to provide the services offered, as well as information about the User’s activity on the Website. The detailed principles and purposes of the processing of personal data collected during the User’s use of the Website are described below.

III. PURPOSES AND LEGAL BASES OF DATA PROCESSING

Use of the website

Personal data of all persons using the Website (including IP address or other identifiers and information collected through cookies, or other similar technologies) is processed by the Administrator:

  1. for the purpose of providing electronic services in terms of providing Users with access to content collected on the website, providing contact forms – in which case the legal basis for the processing is the necessity of the processing for the performance of the contract (Art. 6(1)(b) GDPR);
  2. for the purpose of handling complaints – in which case the legal basis for the processing is the necessity of the processing for the performance of the contract (Article 6(1)(b) GDPR);
  3. for analytical and statistical purposes, in which case the legal basis for the processing is the Administrator’s legitimate interest (Article 6(1)(f) GDPR), consisting of conducting analyses of Users’ activities, as well as their preferences in order to improve the functionalities used and services provided;
  4. for the purpose of possibly establishing, pursuing or defending against claims – the legal basis for the processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) to protect their rights;
  5. for the Administrator’s marketing purposes.

 

Contact

  1. The Administrator ensures that the User can contact them by using the email address or other forms of communication indicated on the Website. In order to establish contact through email or other forms of communication indicated on the Website requires providing personal data necessary for the Administrator to contact the User and respond to the inquiry. The User may also provide additional data to facilitate contact or processing of the inquiry. Providing data marked as mandatory is required for accepting and handling the inquiry, and failure to provide such data will result in the inability to process the inquiry. Providing other data is voluntary.
  2. Personal data is processed:
    1. for the identification of the sender and the handling of their request – the legal basis of the processing is the necessity of the processing for the performance of the service contract (Article 6(1)(b) GDPR);
    2. for analytical and statistical purposes – the legal basis of the processing is the legitimate interest of the Administrator (Article 6(1)(f) GDPR) consisting of keeping statistics of queries submitted by Users via the Website in order to improve its functionality.

IV. MARKETING

Marketing purposes

  1. The Administrator processes the Users’ personal data in order to carry out marketing activities, which may involve:
    1. displaying marketing content to the User that corresponds to the User’s interests (behavioural advertising);
    2. sending email notifications of interesting offers or content, which in some cases contain commercial information;
  2. For the purpose of conducting marketing activities, the Administrator may, in certain cases, use profiling. This means that, through the automatic processing of data, the Administrator evaluates selected factors concerning natural persons in order to analyse their behaviour or create future forecasts.

Behavioural advertising

  1. The Administrator processes Users’ personal data, including personal data collected through cookies and other similar technologies, for marketing purposes in connection with the targeting of Users with behavioural advertising (i.e. advertising that is tailored to the User’s preferences). The processing of personal data in such cases also includes profiling Users. The use of personal data collected through this technology for marketing purposes is carried out on the basis of the legitimate interest of the Administrator and only on the condition that the User has consented to the use of cookies. Consent to the use of cookies can be given through the appropriate configuration of the browser and can also be withdrawn at any time, in particular by clearing the history of cookies and disabling cookies in the browser settings.
  2. This consent may be withdrawn at any time.

Direct marketing

If the User has consented to receive marketing information by email, the User’s personal data will be processed for the purpose of sending such information. The basis for data processing is the legitimate interest of the Administrator to send marketing information within the limits of the consent given by the User (direct marketing). The User has the right to object to the processing of data for direct marketing purposes, including profiling. The data will be stored for this purpose for the duration of the Administrator’s legitimate interest, unless the User objects to receiving marketing information.

V. SOCIAL NETWORKS

  1. The Administrator processes the personal data of Users visiting the Administrator’s profiles maintained on social media (Facebook, Instagram). This data is processed exclusively in connection with the running of the profile, including for the purpose of informing Users about the Administrator’s activities and promoting various types of events, services and products, as well as for the purpose of communicating with users through the functionalities available in social media. The legal basis for the Administrator’s processing of personal data for this purpose is its legitimate interest (Article 6(1)(f) GDPR), consisting of promoting its own brand and building and maintaining a brand-related community.
  2. Social media plugins are integrated on the Website. This means that if the User clicks on one of these buttons, certain information will be shared with the providers of these social media channels. If the User is simultaneously logged into their social media account, the social media provider may link this information to the User’s account on the social media platform and make the User’s activities public on their profile, thereby sharing them with other network users.
  3. Plugins, known as social media plug-ins, such as Facebook and Instagram, may be present on the Website. The associated services are provided by Facebook and Instagram, operated by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, and Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA Facebook;
  4. The plugin only provides its provider with information about the time the User accessed the Website. If the User is logged in to their account on Facebook, for example, while viewing or staying on the Website, the provider is able to combine the User’s interests, information preferences and other data obtained, for example, by clicking the ‘Like’ button or leaving a comment or entering the profile name in searches. Such information will also be transmitted by the browser directly to the provider. To avoid logging a visit to the User’s account with the respective social media provider while on the Website, it is necessary to log out of the account before beginning to browse the Website.
  5. The Website also contains links to websites administered by entities independent of the Administrator, i.e. Facebook and Instagram. Separate privacy clauses or policies may apply there. The Administrator encourages Users to familiarise themselves with their content, as the Administrator has no control over the data collected and data processing processes, as well as no knowledge of the full extent of their acquisition, the purpose of their processing or the duration of their storage. The Administrator also has no information on the deletion of data collected by plugin providers.
  6. Addresses of plugin providers and URLs to their privacy policies:
    1. Facebook: http://www.facebook.com/policy.php ; further information on data collection: http://www.facebook.com/help/186325668085084 ; http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo . Facebook has joined the EU-US Privacy Shield agreement, https://www.privacyshield.gov/EU-US-Framework .
    2. Instagram: https://help.instagram.com/519522125107875 .

VI. COOKIES AND SIMILAR TECHNOLOGY

Cookies are small text files installed on the User’s device when browsing the Website. Cookies collect information to facilitate the use of the Website, e.g. by remembering the User’s visits to the Website and the actions performed by them.

Functional cookies

The Administrator uses so-called functional cookies primarily to provide the User with services provided electronically and to improve the quality of these services. In this regard, the Administrator and other entities providing analytical and statistical services to the Administrator make use of cookies, storing information or accessing information already stored in the User’s telecommunications end device (computer, phone, tablet, etc.). Cookies used for this purpose include:

    1. cookies with data entered by the User (session ID) for the duration of the session (user input cookies);
    2. authentication cookies used for services that require authentication for the duration of the session (authentication cookies);
    3. cookies used to ensure security, e.g., those used to detect authentication abuse (user centric security cookies);
    4. session cookies for multimedia players (e.g., Flash player cookies), for the duration of the session (multimedia player session cookies);
    5. persistent cookies used for personalising the User interface for the duration of the session or slightly longer (user interface customization cookies);
    6. cookies used to remember the contents of the shopping cart for the duration of the session (shopping cart cookies);

Marketing cookies

The Administrator also uses cookies for marketing purposes, including the delivery of behavioural advertising to Users. To this end, the Administrator stores information or accesses information already stored on the User’s telecommunications device (computer, phone, tablet, etc.). The use of cookies and the personal data collected through them for marketing purposes requires obtaining the User’s consent. This consent can be given through appropriate configuration of the browser and can be withdrawn at any time, particularly by clearing the cookies history and disabling cookies in the browser settings.

VII. PERIOD OF PROCESSING OF PERSONAL DATA

We will process your personal data for the duration of the contract and for the time necessary to demonstrate performance of the contract, and for the length of the statute of limitations for claims.

VIII. USER RIGHTS

  1. Data subjects have the following rights:

a) The right to information about the processing of personal data – The Administrator provides information about the processing of personal data, including, in particular, the purposes and legal bases for processing, the scope of the data held, the entities to whom the personal data is disclosed, and the planned date for their deletion;

b) The right to obtain a copy of the data – The Administrator provides a copy of the processed data concerning the person making the request;

c) The right of rectification – The Administrator rectifies any inconsistencies or errors regarding the personal data processed, and supplements or updates them if they are incomplete or have changed;

d) The right to erasure (the so-called ‘right to be forgotten’) – is the basis for requesting the deletion of data that is no longer necessary for the purposes for which it was collected;

e) The right to restrict processing – the Administrator ceases to carry out operations on the personal data, with the exception of operations consented to by the data subject and their storage, in accordance with the accepted retention rules, or until the reasons for restricting the processing cease to exist (e.g. a decision is issued by a supervisory authority authorising further processing);

f) The right to data portability – to the extent that the data is processed in connection with a contract concluded or consent given, the Administrator provides the data supplied by the data subject in a computer-readable format. It is also possible to request that the data be sent to another entity – provided that both the Administrator and the other entity to which the data is sent have the appropriate technical conditions for such transfer;

g) The right to object to processing for marketing purposes – the data subject may object at any time to the processing of personal data for marketing purposes, without having to justify such objection;

h) The right to object to other purposes of processing – the data subject may at any time object to the processing of personal data on the basis of a legitimate interest of the Administrator (e.g. for analytical or statistical purposes, or for reasons relating to the protection of property). An objection in this respect should include a justification and is subject to assessment by the Administrator;

i) The right to withdraw consent – if the data is processed based on consent, the data subject has the right to withdraw it at any time, but this does not affect the lawfulness of processing carried out prior to the withdrawal of that consent;

j) The right to lodge a complaint – if the processing of personal data is considered to be in breach of the provisions of the GDPR or other data protection legislation, the data subject may lodge a complaint with the President of the Personal Data Protection Office.

  1. A request for the exercise of the rights of data subjects, along with the indication of the request, may be submitted in writing to the address of the Administrator’s registered office at. Leśna 1, 34-730 Mszana Dolna or by email to the Administrator’s e-mail address: biuro@manuonline.pl.
  1. If the Administrator is unable to determine the content of the request or identify the applicant based on the notification made, the Administrator will request additional information from the applicant.
  2. Applications will be responded to within one month of receipt. If it is necessary to extend this period, the Administrator will inform the applicant of the reasons for such extension.
  3. The response will be provided to the email address from which the request was sent, and in the case of requests submitted by post, it will be sent by regular mail to the address specified by the applicant, unless the content of the letter indicates a desire to receive feedback at the email address (in which case, the email address should be provided).

IX. RECIPIENTS OF THE DATA

  1. In connection with the performance of the services, personal data will be disclosed to external entities, including in particular suppliers responsible for the operation of IT systems, entities such as payment operators, entities providing accounting, legal, auditing, consulting services, couriers (in relation to the performance of an order) and entities cooperating with the Administrator, such as entities providing activities organised by the Administrator.
  2. The Administrator reserves the right to disclose selected information regarding the User to the relevant authorities or third parties that request such information, based on an appropriate legal basis and in accordance with applicable law.

X. TRANSFER OF DATA OUTSIDE THE EEA

The Administrator will not transfer the personal data of Website Users to a third country (outside the European Economic Area) or to an international organisation, with the exception of the situations and entities expressly indicated in this privacy policy (such as Facebook) or in connection with the need to perform a contract, i.e. to transfer the data to a courier or payment operator.

XI. SECURITY OF PERSONAL DATA

  1. The Administrator carries out a risk analysis on an ongoing basis to ensure that personal data is processed by them in a secure manner – ensuring, in particular, that only authorised persons have access to the data and only to the extent necessary for the performance of their tasks. The Administrator ensures that all operations on personal data are recorded and carried out only by authorised employees and collaborators.
  2. The Administrator takes all necessary measures to ensure that also its subcontractors and other cooperating entities guarantee the application of appropriate security measures whenever they process personal data on behalf of the Administrator.

XII. CONTACT DETAILS

Contact with the Administrator is possible:

  1. by traditional mail, the Administrator’s registered office address at Leśna 1, 34-730 Mszana Dolna;
  2. by email, Administrator’s address: biuro@manuonline.pl.

XIII. AMENDMENT TO THE PRIVACY POLICY

The policy is regularly reviewed and updated as necessary.