PRIVACY POLICY WITH COOKIE POLICY

Definitions

 

  1. Whenever the following capitalized terms are used in the Privacy Policy or Cookie Policy, they should be understood in the following meaning:
    • Administrator – the administrator of personal data and the Websites is Archive by X Mateusz Marmurowicz, ul. Nakielska 144B, 85-391 Bydgoszcz, NIP: 9671475769 , Regon: 528385250 contact details: tel. +488810769461, e-mail contact@archivebyx.com;
    • Brands – brands of products in the Administrator's portfolio: ARCHIVE BY X
    • User – any person using the Newsletter, Fanpage, Commercial Information, Websites and Contact Form;
    • Websites – a website (a group of interconnected websites) consisting of the following domains: www.archivebyx.com/
    • Social Media – fanpages, channels, profiles of the Administrator or Administrator’s Brands run by the Administrator on social networking sites, e.g. Facebook, YouTube, Twitter, which contain a reference/link to these Regulations or the Privacy Policy;
    • Newsletter – a service provided electronically, the subject of which is the delivery – after prior consent expressed by the User – of periodic marketing materials promoting the Administrator’s activities;
    • Contact Form – a service provided electronically, available on the Websites, the purpose of which is to enable the User to send a message to the Administrator;
    • Commercial Information – commercial information sent electronically, within the meaning of the Act of 18 July 2002 on the provision of services by electronic means;
    • Regulations – these Regulations of the Privacy Policy together with the Cookies Policy,
    • GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ EU 2016 L No. 119);
    • Services – services provided electronically on the Websites and in Social Media by the Administrator based on the Regulations.

 


Privacy Policy


This privacy policy (hereinafter referred to as the "Privacy Policy") defines the principles of collecting, processing and using personal data obtained from Users in connection with their use of the Services.

Personal data administrator

The controller of personal data processed for the purpose of providing the Services is the Administrator: Archive by X Mateusz Marmurowicz ul. Nakielska 144B, 85-391 Bydgoszcz, NIP: 9671475769 , Regon: 528385250

You can contact the Administrator using the following details:

  1. Traditional correspondence address: Archive by X Mateusz Marmurowicz ul. Nakielska 144B, 85-391 Bydgoszcz
  2. Email correspondence address: contact@archivebyx.com
  3. By phone: +48881076946
The Administrator limits the collection and use of information about Users to the necessary minimum, required to provide them with services at the desired level, in accordance with Article 18 of the Act on the provision of services by electronic means.


The Administrator uses technical and organizational measures to ensure respect for the privacy and protection of Users' personal data.

In the case of Services provided on social media portals: Sharing, Social Media and Links to Social Media, the separate administrators of the personal data of users of individual portals are the service providers of these portals. The Administrator is not responsible for either the services provided by social media portals or for the processing of personal data of users of these portals. The Administrator is responsible only for processing as part of the provision of Services under the Regulations.

Should you require clarification on any matters relating to the processing of personal data by the Administrator, please contact us directly using the contact details provided above.

Purposes, legal basis and duration of data processing

Not all information processed by the Administrator as part of the provision of Services may constitute personal data. This may depend on how the User uses the Services and what other data about that User is processed by the Administrator. In order to ensure full rights for Users, the Administrator informs in this Privacy Policy about the processing of all information, regardless of whether it will formally fulfill the definition of personal data under the GDPR or will remain outside the scope of the GDPR.

  1. Websites, Brand Links, Brand Social Media Links, Sharing
    • In order to provide the Website service, the Administrator processes information about the User's device in order to ensure the correct operation of the services: the computer's IP address, information contained in Cookies or other similar technologies, session data, web browser data, device data, data about activity on the Website, including on individual subpages.
    • This information does not contain data relating to the identity of Users, but in combination with other information may constitute personal data and therefore the administrator provides it with full protection under the GDPR.
    • These data are processed in accordance with Article 6, paragraph 1, letter b of the GDPR, in order to implement the Website service, i.e. the agreement for the provision of services by electronic means in accordance with the Regulations and in accordance with Article 6, paragraph 1, letter a of the GDPR in connection with the consent to the use of specific Cookies or other similar technologies, expressed through appropriate settings of the web browser in accordance with the Telecommunications Law. The data are processed until the User ends his/her use of the Website.
    • Within the framework of Links to Social Media Brands and Sharing, separate entities obtaining information about Users using the aforementioned Links or buttons are entities providing services of individual social networking sites (e.g. Facebook, Instagram, Twitter, Youtube). Information regarding data collected by social networking sites is included in the privacy policies of individual sites.

  2. Contact form
    • The name, e-mail address, title and content of correspondence are processed for the time necessary to resolve the User's case, including sending marketing information about products or services selected by the User, and for no longer than 3 months after resolving the case for archiving purposes in the event of the need to defend against potential claims against the Administrator.
    • Providing an e-mail address and entering the content of the message are necessary to use the Contact Form Service. The User may provide additional information in the Contact Form, such as: name, surname and phone number; if he prefers the Administrator to contact him in a different way. Providing the above data is voluntary and depends on the will of the User.
    • These data will be processed on the basis of voluntary consent expressed before sending the completed contact form in order to implement the Contact Form Service in accordance with the Regulations (Article 6, paragraph 1, letter a of the GDPR).
    • If the inquiry concerns Brands, products or Services, the response will include the Commercial Information so ordered.

  3. Newsletter
    • The Administrator processes the e-mail addresses of Newsletter subscribers in order to implement the ordered Newsletter service provided electronically on the basis of the Regulations. The Administrator processes the data:
      • 1) the e-mail address provided,
      • 2) date of subscription,
      • 3) information about sending Newsletters.
    • In addition, the Administrator processes e-mail addresses provided for the provision of the Newsletter service to implement the service in accordance with the Regulations and this Privacy Policy, in particular to inform about changes in the above-mentioned documents.
    • These data are processed on the basis of voluntary consent expressed when ordering the Newsletter service, in accordance with Article 6 paragraph 1 letter a of the GDPR, in order to implement the Newsletter service.

  4. Administrator
    • processes Users' personal data in order to enable them to use Social Media. The Administrator has the following information:
      • 1) about liking Social Media,
      • 2) about social media activity,
      • 3) the content of comments and posts posted by the User.
    • These data are processed in accordance with Article 6 paragraph 1 letter b of the GDPR, for the purpose of providing services, i.e. the contract for the provision of services by electronic means in accordance with the Regulations.
    • In addition, the Administrator may share public posts of Users or otherwise use information made public on Social Media, including in the scope of other activities of Users on Social Media, for the Administrator's marketing and PR purposes, e.g.: share public posts of Users, perform analyses and statistics on User activity, respond to User posts.
    • These data are processed in accordance with Article 6, paragraph 1, letter f of the GDPR, i.e. in order to implement the legitimate interest of the Administrator, consisting in the implementation of its marketing and image goals. At the same time, Users using Social Media are aware that certain information is public and visible to other users of these Social Media, and even Users themselves decide which information will be public and which with limited visibility, by making appropriate profile settings.
    • In addition, in the scope of using the forms of direct contact available in the Administrator's Social Media (e.g. Messenger), the Users' personal data will be processed in order to enable the Administrator to contact the User, in particular their name and surname or the User's name on the social networking site, the content of correspondence (messages, threads). Messages are not stored by the Administrator in places other than the social networking site, unless their further processing is necessary for other purposes described below.
    • These data are processed in accordance with Article 6 paragraph 1 letter f of the GDPR, in the legitimate interest of the Administrator and Users consisting in the need to ensure contact between Users and the Administrator, and the processing of these data does not violate the rights and freedoms of Users.
    • The content of correspondence and contact information are processed for the time necessary to resolve the User's case and for no longer than 3 months after the case has been resolved for archiving purposes in the event of the need to defend against potential claims against the Administrator. After this time, they are deleted from the Administrator's Social Media, after which the Administrator will no longer be able to access this data.

  5. Complaints
    • In order to consider a complaint, the Administrator processes the personal data of Users submitting complaints, in particular the e-mail address, name, content of the complaint, circumstances of the event that caused the complaint, information obtained in the course of considering the complaint, including explaining the event that caused it. In the course of considering a complaint, the Administrator may process a number of other information, including the User's name and surname, information on the User's use of services, Cookies or other similar technologies, information about devices.
    • These data are processed in accordance with Article 6 paragraph 1 letter b of the GDPR, in order to provide services, i.e. the contract for the provision of services by electronic means in accordance with the Regulations and are processed for the time necessary to consider the complaint and for no longer than 1 year after the end of the complaint procedure, for archiving purposes in the event of the need to defend against possible claims against the Controller in accordance with the information provided below.
  6. Investigative proceedings, pursuing claims
    • In the event of initiating explanatory proceedings concerning a possible violation of the provisions of the Regulations or legal regulations, principles of social coexistence or good customs, proceedings for the purpose of pursuing claims by the Administrator or other Users or entities, defense against claims of Users or other entities, the Administrator may process the personal data of specific Users until the end of the ongoing proceedings and until the expiry of the limitation period for the administrator's claims against the User, which is usually 3 years in accordance with the Civil Code, but in special cases provided for by law it may be longer.
    • If personal data are processed for the purpose of pursuing claims of other Users, such data may be made available for this purpose to another User or entity or a public authority authorized under the provisions of law, e.g. courts, police, prosecutor's office.
    • These data will then be processed, including shared in accordance with art. 6 sec. 1 letter c of the GDPR, i.e. in order to fulfil the obligation arising from the provisions of law concerning the obligation to consider complaints, in accordance with the Act on the provision of services by electronic means or in accordance with art. 6 sec. 1 letter f of the GDPR, i.e. in the legitimate interest of the Administrator consisting in pursuing its claims against the User. The legitimate interest of the administrator will then be the overriding objective over the rights and freedoms of the Service Recipient.

  7. Claims settlement
    • If it is necessary for the Administrator to pursue claims or defend against claims, the Administrator may process the personal data of specific Users until the end of the ongoing proceedings and until the expiry of the limitation period for the Administrator's claims against the User, which is usually 3 years in accordance with Article 118 of the Civil Code, but in special cases provided for by law it may be longer.
    • These data will then be processed in accordance with Article 6 paragraph 1 letter f of the GDPR, i.e. in the legitimate interest of the Administrator consisting in pursuing its claims against the User or defending against claims. The legitimate interest of the Administrator will then be the overriding objective over the rights and freedoms of the Service Recipient.

  8. Service Usage Statistics
    • In order to improve the quality of its services, the Administrator processes statistical information regarding the use of the Websites, including information about the session, IP number, amount of time spent on individual pages and subpages, use of individual functionalities of the Services, information about the device and the web browser. The Administrator uses Cookies or other similar technologies and the statistical tools Google Analytics, Facebook Insight. provided by Google and Facebook.
    • These data are processed in accordance with Article 6 paragraph 1 letter f of the GDPR in the legitimate interest of the Administrator consisting in facilitating the use of the Service, improving the quality and functionality of the Services provided, and the processing of these data does not violate the rights and freedoms of Users. Information about Users is not used for any additional purposes, and due to the specificity of the Services, adapting the way the content of the Websites and Social Media is displayed, information, facilitating the use of the Websites and Social Media and improving the quality of the provision of Services is not only a market standard, but also an expectation of Users towards the suppliers of Websites and Social Media.
    • In addition, the User may withdraw their consent at any time by changing the settings of their web browser regarding the admissibility of the use of Cookies or other similar technologies.
    • This data is processed as part of the Administrator's current activities, but no longer than for a period of sixty days from the receipt of information. After this time, the Administrator may continue to process general statistical data, which will be devoid of any information regarding individual Users.
    • The period of availability of statistical data in Google Analytics, Facebook Insight tools provided by Google, Facebook may be longer than sixty days, but this is beyond the scope of the administrator's decision. The administrator will not use them any longer, but will have potential access to them until they are deleted by the provider of the aforementioned tool.

  9. Marketing and PR activities of the Administrator
    • On the Websites and in Social Media, the Administrator may post marketing information about its products or Brands. The display of this content is carried out by the Administrator in accordance with art. 6 sec. 1 letter f of the GDPR, in accordance with the legitimate interest of the Administrator consisting in the publication of content related to the Services provided. At the same time, this action does not violate the rights and freedoms of Users, and Users expect to receive content of similar content, and sometimes even expect it or it is their direct purpose of visiting the Website.

  10. Profiling
    • The Administrator performs the functions of obtaining information about Users and their behavior in the following manner:
      • through information entered voluntarily (e.g. in the Contact Form);
      • by collecting cookies;
      • by using Google Analytics and Facebook Insight.
    • The data provided by the User are processed solely for the purpose of providing the Services in accordance with Article 6 paragraph 1 letter f of the GDPR, in accordance with the legitimate interest of the Administrator in providing the Services.
    • A User who is a natural person has the right to object to being included in the profiling mechanism at any time. The Administrator declares that it has the technical tools to enable a User who is a natural person to express an objection. To express an objection, you should send a message to the following address: ... or by post to the Administrator's registered office with the note "Objection personal data".

  11. Third Party Marketing
    • Information obtained from Cookies is also processed for marketing purposes of other entities, including being made available to other entities, in order to present Users with marketing information from other entities in a personalized manner, tailored to the estimated interests of Users. In this way, entities using this information present information more tailored to Users, thanks to which they achieve greater effectiveness, and Users do not receive information completely inappropriate to their potential interests.
    • These data are processed on the basis of the legitimate interest of the Administrator and third parties using this information for their own marketing purposes, i.e. in accordance with Article 6 paragraph 1 letter f of the GDPR.

  12. Recipients of Users' data
    • Users’ personal data are disclosed only to entities processing data on behalf of the Administrator on the basis of a written data processing agreement providing hosting, website maintenance, IT, marketing, CRM and PR services.

  13. Transfer of personal data to third countries
    • Personal data will not be processed in third countries.

  14. Rights of persons whose personal data is concerned
    • Every data subject has the right to:
      • 1) access – obtaining confirmation from the controller as to whether his or her personal data is being processed. If data about a person is being processed, he or she is entitled to access it and obtain the following information: about the purposes of processing, categories of personal data, information about the recipients or categories of recipients to whom the data has been or will be disclosed, the period of data storage or the criteria for determining it, the right to request the rectification, deletion or restriction of the processing of personal data of the data subject and to object to such processing (Article 15 of the GDPR);
      • 2) to receive a copy of the data – to obtain a copy of the data being processed, where the first copy is free of charge and for subsequent copies the controller may impose a reasonable fee resulting from administrative costs (Article 15 paragraph 3 of the GDPR);
      • 3) to rectify – to request the rectification of personal data concerning him/her that are incorrect or the completion of incomplete data (Article 16 of the GDPR);
      • 4) to delete data – request the deletion of his or her personal data if the controller no longer has a legal basis for their processing or the data are no longer necessary for the purposes of processing (Article 17 of the GDPR);
      • 5) to restrict processing – request to restrict the processing of personal data (Article 18 of the GDPR), when:
        1. a) the data subject questions the accuracy of the personal data – for a period enabling the controller to verify the accuracy of such data,
        2. b) the processing is unlawful and the data subject opposes their deletion, requesting the restriction of their use,
        3. c) the administrator no longer needs the data, but the data subject requires it to establish, pursue or defend legal claims,
        4. d) the data subject has objected to the processing – until it is determined whether the legitimate grounds on the part of the controller override the grounds for objection of the data subject;
      • 6) to transfer data – to receive, in a structured, commonly used and machine-readable format, personal data concerning him/her which he/she has provided to the controller, and to request the transmission of such data to another controller, if the data are processed on the basis of the consent of the data subject or a contract concluded with him/her and if the data are processed by automated means (Article 20 of the GDPR);
      • 7) to object – to object to the processing of their personal data for the legitimate purposes of the controller, for reasons related to their particular situation, including profiling. In such a case, the controller assesses the existence of important legitimate grounds for processing that override the interests, rights and freedoms of the data subjects, or grounds for establishing, pursuing or defending claims. If, according to the assessment, the interests of the data subject are more important than the interests of the controller, the controller will be obliged to cease processing the data for these purposes (Article 21 of the GDPR);
      • 8) to withdraw consent at any time and without giving a reason, but the processing of personal data carried out before the withdrawal of consent will still be lawful. Withdrawal of consent will result in the controller ceasing to process personal data for the purpose for which the consent was given.
    • In order to exercise the aforementioned rights, the data subject should contact the controller using the contact details provided and inform him/her which right he/she wishes to exercise and to what extent.

  15. President of the Personal Data Protection Office
    • The data subject has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office with its registered office in Warsaw, ul. Stawki 2, who can be contacted in the following way:
      • 1) by mail: ul. Stawki 2, 00-193 Warsaw,
      • 2) via the electronic mailbox available at: https://www.uodo.gov.pl/pl/p/kontakt,
      • 3) by phone: (22) 531 03 00.

Cookie Policy

In order to improve the functionality of the Websites, the Administrator declares that it uses cookies.

  1. What are cookies?
    • Cookies are files saved on the device (computer, smartphone, tablet) on which the Internet browser used by the User to browse the Websites is installed.
    • Cookies used by the Administrator do not store any personal data of the User. The identity of the User is not disclosed by cookies. However, when combined with other data held by the Administrator, cookies may constitute information that is personal data.
  2. What types of cookies does the Administrator use?
    • The Administrator uses the following types of cookies:
      • 1) Permanent
      • 2) Own
      • 3) Advertising
      • 4) Functional
    • Cookies from third-party websites may also be saved on the User's device, in particular: Facebook, Google, Twitter. Information about cookies from these websites can be found on the websites belonging to these entities.
  3. For what purposes does the Administrator use cookies?
    1. Provision of Services
      • The Administrator uses cookies that are necessary to provide the Services. These files ensure that the Websites can be displayed correctly and that you can move between individual subpages, that the language preferences of the Service can be remembered, and that other functionalities of the Services can be used efficiently and ergonomically.
      • Some cookies are necessary to provide the Services, while some are not necessary but make it easier to use the Services or enable the use of various functionalities.
    2. Website usage statistics
      • Based on the information collected, the Administrator may create statistics. use of the Services, in particular the views of individual pages or subpages, the use of individual functionalities, in order to count visits to the Websites, their length and frequency of use of individual Services or their functionalities. Statistics and analyses of the use of the Websites enable the Administrator to analyse the performance of the Websites and enable the determination of the development needs of the Services.
      • Statistics are created in a way that does not allow identification of individual Users of the Websites.
    3. Own and third-party marketing activities
      • Based on User behavior, interest profiles are created and then used to provide information tailored to the estimated interests of Users. This information does not contain data on the identity of Users, but in combination with other information, the Administrator or entities using this information may be able to determine the identity of these Users.
    4. Does the Administrator disclose data obtained through cookies to other entities?
      • Information collected by the Administrator will not be made available to entities or persons other than those authorized under the provisions of generally applicable law and authorized to administer the Websites.
    5. How to withdraw consent to cookies / opt out of the use of cookies?
      • In any case, the User may block the installation of cookies or delete permanent cookies using the appropriate options in the web browser. In case of problems, it is recommended to use the browser's help file or contact the browser manufacturer.
      • Any User who does not consent to the use of cookies is required to modify the settings of their web browser. The User's system configuration enabling the use of cookies means consent to the Administrator storing information referred to in art. 173 sec. 2 of the Act of 16 July 2004 - Telecommunications Law.

Final provisions

  1. The Privacy Policy and the Cookie Policy may be supplemented or updated in accordance with the current needs of the Administrator in order to provide current and reliable information to Users regarding their personal data and information about them. Users will be informed of any changes on the Website.
  2. The Administrator reserves the right to change the Cookie Policy, which may be affected by the development of Internet technology, possible changes in the law on personal data protection and the development of the Services provided. Users will be informed of any changes in a visible and understandable manner.
  3. In case of any doubts as to any provisions of this Cookie Policy, the User may contact the Administrator directly.

These Policies are effective from April 18, 2024.