Privacy policy
§1 Who is the Administrator of your personal data?
The data administrator is Rachel- Usługi Rachunkowe sc Agnieszka Garlicka, Alicja Filus, Jacek Czech, based in Kraków (31-072), ul. Wielopole, no. 18b, apartment 17, NIP 6762337379. You can contact the Administrator by writing to the following e-mail address: biuro@rachel-krakow.pl
§2 For what purpose do we collect your data and how long do we store it?
We may process your data for the following purposes:
1. Communication with you, including answering questions submitted via the contact form, e-mail, etc.;
The data will be processed based on the legitimate interest of the Administrator, in the form of communication with the Website Users (Article 6(1)(f) of the GDPR). Your data will be processed no longer than until you raise an objection or the business purpose ceases. Providing this data is voluntary, but at the same time necessary for communication with you. Data may also be processed during the archiving process for internal purposes, based on the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), until an objection is raised or the business purpose ceases.
2. Conclusion of the contract and its implementation (placing an order ) ;
3. Establishing, defending and pursuing claims;
4. Fulfillment of legal obligations imposed on the Administrator (including tax and archiving obligations) ;
The data necessary to conclude and perform the contract will be processed for the duration of the contract, including the period of exercising the rights arising from the contract, such as the right to make a complaint under the warranty (Article 6(1)(bif) ) of the GDPR). Providing this data is voluntary, but at the same time necessary for the conclusion and implementation of the contract.
Additional data provided for the purpose of, among others: to improve the performance of the contract, will be processed no longer than until you raise an objection or the business purpose ceases, based on the legitimate interest in serving customers (Article 6(1)(f) of the GDPR).
After this time, the data will be processed for the period of limitation of claims, based on the legitimate interest of the Administrator in order to defend against claims, as well as to establish and pursue claims (Article 6(1)(f) of the GDPR).
If the data is necessary to fulfill the legal obligations imposed on the Administrator ( such as issuing and storing invoices) – the data will be processed for this purpose for no longer than 6 years (archiving obligations regarding accounting documents), unless the provisions rights require a longer period (Article 6(1)(c) of the GDPR).
Data may also be archived for internal and statistical purposes, until you raise an objection or the business purpose ceases, based on the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR).
5. Providing marketing information (including sending newsletters and information about services, products, promotions, free content using other tools, e.g. chatbot, telephone);
The data will be processed based on the legitimate interest of the Administrator, in the form of marketing of the Administrator’s products and services (Article 6(1)(f) of the GDPR). The data will be processed no longer than until you raise an objection or the business purpose ceases – whichever comes first. Providing data is voluntary, but necessary to receive marketing/commercial information.
Pursuant to Art. 10 of the Act on the provision of electronic services, for the purposes of maintaining commercial and telephone communication, I need your consent. You can withdraw it at any time by clicking the link in the footer of the e-mail or by writing to me at the address provided above .
6. Administration and management of the website and groups on social media platforms (including Facebook (Meta), Instagram, LinkedIn), in the case of data processing on social media platforms, including communication and directing marketing content;
This data will be processed only if you decide to: like the page / join the group / select the “Follow” option or otherwise leave your data on the platform managed by me, e.g. by posting an entry or comment. The data will be processed for the duration of the existence of the page/group or until you raise an objection, which may be done by clicking the “Like”, “Follow” option, deleting a comment/entry or in any other way provided for on the platform/site or by contacting with me . We would like to inform you that the rules relating to the website/fanpage/group are set by the Administrator, while the rules for using the social networking site on which the page/fanpage/group is located are set by the entity managing these portals.
7. Analytical and statistical;
Data processing for analytical and statistical purposes consists in particular in analyzing data obtained automatically when using the website, including cookies. The data is processed based on the legitimate interest of the Administrator, in the form of adapting the content of the Website to the User’s preferences and optimizing the use of the Website; creating statistics that help understand how Users use the Website, which allows improving its structure and content (Article 6(1)(f) of the GDPR). Data may also be archived for internal and statistical purposes, based on the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), until you raise an objection or the business purpose ceases.
8. Recovering rejected baskets ;
If you do not complete the order, you will receive a reminder about the order you have started but not finalized. The data will be processed based on the legitimate interest of the Administrator, in the form of servicing potential customers and actual customers (Article 6(1)(f) of the GDPR). This data will be processed for the time necessary to achieve business purposes or until an objection is raised.
9. Posting comments;
The data visible on our Website when a comment is posted is processed by us for the purpose of administering the Website and its operation, and is also used to communicate with you based on the legitimate interest of the Administrator (Article 6(1)(f), for the time necessary to achieve business purposes or until you object.
10. Promotion and marketing;
If you provide us with your data, in particular in the form of an opinion regarding a product or service, including image data, it will be processed based on the Administrator’s legitimate interest in the form of marketing, for the purpose of improving the quality of services and products and promoting services and Administrator’s products. This data will be processed for the period necessary to achieve business purposes or until an objection is raised. Providing data is voluntary.
11. Collection of sensitive data;
Sensitive data is collected for the purpose of implementing the contract and its proper performance – based on your informed and voluntary consent (Article 9(2)(a) of the GDPR) – until the business purpose ceases or the consent is withdrawn. Providing data is voluntary, but necessary for the proper implementation of the contract.
§3 Who can we transfer your data to?
We transfer your data to other entities only when it is necessary to achieve the processing purposes referred to in §2 and only to the extent necessary to achieve this purpose. As a rule, we collect and process only the data that you have provided to us, excluding automatically collected data (cookies). You can find more about cookies in §7.
If necessary, your data may be transferred to entities with which we cooperate in the implementation of the above. purposes, in particular a hosting company, an IT company / entity managing the website, a company providing accounting and bookkeeping services, a company providing an invoice program, a company providing newsletter services, a company providing cloud services, entities providing marketing services, entities providing administrative services, entities providing services consulting, subcontractors, lawyers, couriers or postal operators, training platform, social media platform, customer service platform, platform for making appointments, platform for providing products or providing services, other entities that support the Administrator in achieving the purposes of processing.
As a rule, data will not be transferred outside the EEA, except for the situations described below. In other cases, if data will be transferred outside the EEA, it will be based on your consent, standard contractual clauses or other safeguards provided for in the GDPR, after meeting, among others: information obligation.
Services provided by Google or Facebook (META) are generally provided by entities based in the European Union. However, due to the global nature of the operations of these entities, your data may be transferred to the USA due to their storage on American servers (in whole or in part). Regardless, Google and Facebook have implemented safeguards consistent with GDPR requirements to protect personal data through the use of standard contractual clauses. More information about the principles of data processing by the above-mentioned entities. suppliers, can be found in the Privacy Policies of each entity.
§4 What rights do you have ?
In connection with the GDPR, you have the right to access your personal data, rectify personal data, delete personal data, limit the processing of personal data, object to the processing of personal data, transfer personal data, withdraw consent to data processing; withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal. Detailed information regarding the above-mentioned rights are contained in the GDPR Regulation, i.e. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/ 46/EC (General Data Protection Regulation).
If you believe that your personal data is being processed contrary to applicable law, you have the right to complain to the President of the Office for Personal Data Protection. In such a case, I encourage you to contact me in advance to clarify your doubts.
§5 Is your data profiled?
The administrator analyzes personal data in an automated manner, using tools provided by software suppliers (e.g. statistics, history), only to the extent that it does not produce any legal effects for you or does not significantly affect your situation, including your guaranteed rights. and freedom. The purpose of data processing in an automated manner is to learn about Users’ preferences (more information about the analysis can be found in §7 Cookie policy).
§6 Legal provisions applicable to personal data
In unregulated matters, the relevant provisions of law, including European law (including GDPR), shall apply.
§7 File policy – cookies
The website does not automatically collect any information, except for information contained in cookies. This data is collected in a way that makes it impossible to identify the User, the so-called anonymous data.
Cookies (so-called “cookies”) are IT data, in particular text files, which are stored on the Website User’s end device and are intended for using the Website. Cookies usually contain the name of the website they come from, their storage time on the end device and a unique number.
Cookies are used: to adapt the content of the Website to the User’s preferences and to optimize the use of the Website, as well as to create statistics that help understand how Users use the Website, which allows improving its structure and content.
You can make changes to your cookie settings yourself. In many cases, the web browser allows cookies to be stored on the User’s end device by default. Detailed information about the possibilities and methods of handling cookies is available in the software (web browser) settings. Failure to consent to cookies may limit the operation of some functionalities on the Website.
The Administrator uses technologies that monitor actions taken by the User on the Website:
– Facebook conversion pixel (Meta) provided by Meta Platforms Ireland Limited – to manage ads on Meta and conduct remarketing activities; Facebook Pixel is a piece of code published on a website that allows you to reach the target group based on the data of people who used the website. As part of the Facebook Pixel function, it is therefore possible to display published ads on portals belonging to Meta only to portal users who have shown interest in products or services or have common factors to the above-mentioned. people. These data are processed based on the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR). Detailed information regarding the Facebook Pixel can be found on the Facebook Privacy Policy (Meta) page.
– Google tools, including Google Analytics provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data obtained as part of the use of the above-mentioned. I use the tools to analyze website statistics. Google Analytics uses its own cookies to analyze the activities and behaviors of Website Users. These files are used to store information, e.g. from which website the User came to the current website. They help improve the Site. These data are processed based on the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR). Detailed information about Google Analytics can be found on the website: rules for using Google tools.
§8 Social plugins
The Website uses plug-ins, widgets and other social tools provided by portals such as: Facebook (Meta), Instagram, YouTube, LinkedIn. The rules regarding the processing of personal data are described directly on the above-mentioned websites. Service providers.
§9 Joint administration
Data processed for the purposes of statistics collected on the Facebook (Meta) platform are co-administered by the Administrator and Meta Platforms Ireland Limited, based at 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, hereinafter referred to as the Co-Administrator. Detailed rules regarding co-administration of data, including information on your rights, are described on the Privacy Policy page .
Data processed within the LinkedIn platform is co-administered by the Administrator and LinkedIn Ireland Unlimited Company, address: Legal Dept. (Privacy Policy and User Agreement), Wilton Place, Dublin 2, Ireland, hereinafter referred to as the Joint Controller. Detailed rules regarding co-administration of data, including information on your rights, are described on the Privacy Policy page.
The Administrator processes data based on the Administrator’s legitimate interest, consisting in conducting analyzes of Users’ activity, as well as their preferences, in order to improve the functionalities used and the services provided. In matters relating to personal data, you can contact both the Administrator and the Joint Administrator.