Privacy policy

Polska wersja językowa polityki prywatności

Privacy Policy

The administrator of this website is Angelika Warlikowska, ul. Wczasowa 73, 64-200 Wolsztyn/Karpicko, hereinafter referred to as Angelika Warlikowska.
In providing services through this website, Angelika Warlikowska collects and stores data about the Users of the service, using it to fulfill services requested by the User or other actions the User has consented to.
Below is a description of the collected data.

COOKIES
PERSONAL DATA

COOKIES
WHAT ARE COOKIES?
Cookies are digital data, particularly text files, stored on the User’s devices, designed for use on websites.
The cookies used by the Administrator are safe for the User’s device, typically containing: the domain name from which they originate, the storage duration on the device, and a unique number. They do not allow unwanted software or viruses to enter.
Cookies cannot retrieve personal data or confidential information from the User’s devices.

TYPES OF COOKIES USED
2.1. Session cookies – stored on the User’s device until the browser session ends. The information saved in them is deleted from the device’s memory when the session ends.
2.2. Persistent cookies – stored on the User’s device for the period specified in their parameters, or until they are deleted. Ending the session does not result in their removal.

PURPOSES OF COOKIES USAGE
3.1. First-party cookies (placed by the Administrator) are used for:
a) Authentication and maintaining the User’s session on the website (this allows the User to navigate between pages without having to log in again – this is how so-called essential cookies work).
b) Optimizing and improving the performance of the services provided – performance cookies collect data on how the website is used.
c) Enhancing the functionality and reliability of the service, granting access to its full functionality, as well as ensuring the correct configuration of selected features – functional cookies allow for remembering settings chosen by the User and personalizing the User interface, e.g., preferred language, font size, website appearance, etc.
d) Ensuring website security, e.g., detecting abuse in the authentication process within the Service.

Third-party cookies placed by the Administrator’s Partners are used for:
a) Collecting general, anonymous statistical data via available analytical tools (e.g., cookies used by Google Analytics – privacy policy at www.google.com/intl/pl/policies),
b) Advertising purposes, to match ad content to User interests based on the most frequently searched content and to control the number of ads displayed,
c) Displaying multimedia content published on external sites, such as www.youtube.com – privacy policy at www.google.pl/intl/pl/policies/privacy.

4. REMOVAL OF COOKIES

4.1. By default, the software settings for browsing websites allow cookies to be placed on the User’s device. The User has the option to limit or disable the access of cookies to their device by using the available functions of their web browser.
Limiting the use of cookies may affect some functionalities available on the website.
4.2. The User can change the default settings by adjusting the settings of their web browser. These settings can be changed to block the automatic handling of cookies in the browser’s settings or to notify when cookies are placed on the User’s device.
4.3. Detailed information on how to manage and handle cookies is available in the software (web browser) settings.
In Google Chrome,
In Mozilla Firefox,
In Internet Explorer,
In Opera,
In Safari,
In Microsoft Edge.
4.5. Not changing the browser settings means accepting the placement of cookies on the User’s device.

PERSONAL DATA

SOURCES OF PERSONAL DATA
By using the website https://afnewsletter.com/, Users may provide the Administrator with their personal data such as first name, last name, and email address by filling out special forms. Providing this data is not mandatory but is required to use services or establish contact with the Administrator, such as subscribing to a newsletter.
The Administrator may also collect personal data outside of the services as part of other activities.

PERSONAL DATA ADMINISTRATOR
Angelika Warlikowska, ul. Wczasowa 73, 64-200 Wolsztyn/Karpicko, hereinafter referred to as Angelika Warlikowska.

LEGAL BASIS FOR PROCESSING PERSONAL DATA

3.1. Providing personal data by the User is voluntary, but not providing the data required in the forms for receiving the electronic newsletter or commenting on posts will result in the inability to receive the newsletter or comment on posts on the blog.
3.2. The basis for processing the User’s personal data is, in most cases, the consent of the person to whom the data pertains, as well as the necessity to fulfill a contract to which the User is a party or to take action at their request before the contract is concluded.
3.3. In the case of processing data for direct marketing of the Administrator’s own products or services, the basis for such processing is the prior consent of the User.
In the case of processing data for direct marketing of products and services of entities cooperating with the Administrator, the basis for processing is the prior consent of the User.

PURPOSES OF PERSONAL DATA PROCESSING
These data are processed solely for the purposes for which they were collected, with the User’s consent indicated in the form.
Possible purposes for collecting personal data from Users or Clients by the Administrator:
a) Sending electronic newsletters,
b) Commenting on posts,
c) Direct marketing of the Administrator’s own products or services,
d) Direct marketing of products and services of entities cooperating with the Administrator,
e) Monitoring traffic on the Administrator’s website,
f) Conducting marketing research and statistical surveys.

PERSONAL DATA PROTECTION

5.1. Principles of Personal Data Processing by the Personal Data Administrator
The Personal Data Administrator follows the following principles when processing personal data:

• Lawfulness, fairness, and transparency of processing – personal data is processed by the Administrator in accordance with the law, fairly, and transparently to the individual to whom the data pertains.
• Purpose limitation – data is collected by the Administrator for specific, explicit, and legally justified purposes and is not further processed in a manner incompatible with those purposes. Further processing for archival purposes in the public interest, for scientific or historical research, or for statistical purposes is not considered by the Administrator to be incompatible with the original purposes.
• Data minimization – the Administrator processes only the data that is adequate, relevant, and limited to what is necessary for the purposes for which they are processed.
• Accuracy of processed data – the Administrator processes only accurate data and updates them as necessary. The Administrator takes all reasonable steps to ensure that personal data that is inaccurate with respect to the purposes for which it is processed is promptly erased or rectified.
• Storage limitation – the Administrator stores data in a form that allows the identification of the person to whom the data pertains for no longer than is necessary for the purposes for which the data are processed. The Administrator may store personal data for a longer period, provided it is for statistical purposes. The Administrator will implement appropriate technical and organizational measures to protect the rights and freedoms of the individuals to whom the data pertains.
• Integrity and confidentiality – the Administrator processes data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing, as well as accidental loss, destruction, or damage, using appropriate technical or organizational measures.
• Accountability – the Administrator is responsible for complying with all the aforementioned principles and is able to demonstrate their adherence. The Administrator implements appropriate technical and organizational measures to ensure the highest level of security of the personal data they process, in accordance with the principles outlined above.

Angelika Warlikowska processes personal data using computer systems and software that ensures the highest level of security for the processing of this personal data (such as encryption and anonymization of transmitted information, regular password changes). Angelika Warlikowska also processes personal data outside the IT system using technical and organizational means ensuring the highest level of security for the processing of personal data.

5.2. Information Obligations of the Personal Data Administrator

Depending on whether the Administrator collects data from the person to whom the data pertains or in a way other than directly from the person, the EU Personal Data Protection Regulation imposes separate informational requirements on the Administrator.
The information obligations of the personal data administrator are common for both cases when the data is collected from the person to whom the data pertains or indirectly:

• The obligation to provide the identity of the administrator, contact details, and the identity and contact details of the administrator’s representative.
• The obligation to provide contact details of the data protection officer (if one has been appointed).
• The obligation to specify the purposes of processing personal data and the legal basis for processing.
• The obligation to provide information about recipients of the personal data or categories of recipients to whom the data will be transferred.
• The obligation to inform about the intention to transfer personal data to a third country or an international organization, if such a situation occurs.
• The obligation to specify the period during which personal data will be stored, or if this is not possible, to specify the criteria for determining this period.
• The obligation to provide information about the rights of individuals whose data is being processed.
• The obligation to provide information about the right to file a complaint with the supervisory authority (including the full name of the authority and its address).
• The obligation to inform the individual to whom the data pertains whether providing personal data is a statutory or contractual requirement or a condition for concluding a contract, and whether the individual is obliged to provide them and what the potential consequences are of not providing the data.
• The obligation to inform about automated decision-making, including profiling.
• The obligation to inform about a new purpose of data processing, other than the one initially provided.

Information Obligations for Administrators When Data Has Not Been Collected Directly from the Individual (i.e., Indirectly)
In such cases, the Administrator must also inform the individual whose data pertains about:

• The categories of personal data being processed – such as the type of processed data, e.g., first name, last name, address, date of birth, etc.
• The source from which the data originated, and if applicable, whether it comes from publicly available sources.

Exemption of the Administrator from Information Obligation When Data Has Been Collected Indirectly
An Administrator who has obtained data indirectly is not required to fulfill the information obligation when:
a) The person whose data is being processed already has this information;
b) Providing such information is impossible or would require a disproportionate effort, especially in the case of processing data for archival purposes in the public interest, for scientific or historical research, or for statistical purposes;
c) The collection or disclosure is expressly regulated by EU law or the law of the member state to which the Administrator is subject, providing appropriate safeguards for the legitimate interests of the individual whose data is being processed; or
d) Personal data must remain confidential in accordance with professional secrecy obligations under EU law or the law of the member state, including statutory confidentiality obligations.

The Obligation of Transparent Communication Between the Administrator and the Individual Whose Data Is Being Processed (Article 12 of the EU Personal Data Protection Regulation)
The Administrator provides the individual, whose data is being processed, with the necessary information in a concise, transparent, intelligible, and easily accessible form, using clear and plain language – especially when the information is directed at children. The information is provided in writing or by other means, including electronically when appropriate.
If requested by the individual, the information may be provided orally, provided the identity of the individual can be confirmed by other means.
If the Administrator has reasonable doubts about the identity of the individual making a request under Articles 15-21, additional information may be requested to confirm the identity of the individual.

Timeframes for Fulfilling Information Obligations by the Administrator
In the case of obtaining personal data from the individual to whom the data pertains, all the information mentioned above should be provided to the individual at the time the data is collected.
If the Administrator collects the data indirectly, they must fulfill the information obligation within the following timeframes:

a) Within a reasonable time after obtaining the personal data – no later than within one month, taking into account the specific circumstances of processing the personal data;
b) If the personal data will be used for communication with the individual to whom the data pertains – no later than at the time of the first communication with the individual; or
c) If the personal data is intended to be disclosed to another recipient – no later than at the time of the first disclosure.

Responsibilities of the Data Controller in Personal Data Processing

Considering the nature, scope, context, and purposes of processing, as well as the risks to the rights or freedoms of natural persons with varying probabilities and degrees of harm, the Data Controller implements appropriate technical and organizational measures to ensure that processing complies with the EU General Data Protection Regulation and to demonstrate compliance. These measures are reviewed and updated every six months.

The responsibilities of the Data Controller arising directly from the EU General Data Protection Regulation are as follows:

1. Data Protection by Design and by Default:
   In order to fulfill this obligation, the Data Controller implements appropriate technical and organizational measures, such as pseudonymization, designed to effectively apply data protection principles like data minimization and to provide necessary safeguards for processing, ensuring the highest possible protection of the rights of data subjects.
2. Data Processing by a Processor Based on a Written Agreement:
   If processing is carried out on behalf of the Data Controller, the Data Controller must only use processors who provide sufficient guarantees for implementing appropriate technical and organizational measures to protect the rights of data subjects.
   Processing by a processor takes place based on a contract or another legal instrument, which is subject to EU or member state law and binds the processor and the Data Controller, specifying the subject and duration of processing, the nature and purpose of processing, the type of personal data, and the categories of data subjects, as well as the obligations and rights of the Data Controller.
3. Recording Processing Activities:
   The Data Controller is required to maintain a record of processing activities.
   The record must be maintained electronically and updated immediately after any changes in the information specified in the GDPR, but at least once every six months.
   The record must be made available to the supervisory authority upon request.
4. Data Security:
   The Data Controller has implemented and applies the following technical and organizational measures to minimize the risk of personal data breaches:
   • Pseudonymization and encryption of personal data;
   • Ability to ensure the continuous confidentiality, integrity, availability, and resilience of processing systems and services;
   • Ability to quickly restore availability and access to personal data in case of physical or technical incidents;
   • Regular testing, measuring, and evaluating the effectiveness of technical and organizational measures ensuring the security of processing.

1. When evaluating the adequacy of security, the Data Controller considers the risks associated with processing, particularly those arising from accidental or unlawful destruction, loss, modification, unauthorized disclosure, or unauthorized access to personal data transmitted, stored, or otherwise processed.
2. Data Breach Notification to the Supervisory Authority:
   In the event of a personal data breach, the Data Controller must notify the supervisory authority without undue delay and, if possible, no later than 72 hours after becoming aware of the breach, unless it is unlikely that the breach will result in a risk to the rights or freedoms of individuals.
   If the notification is submitted after 72 hours, the Data Controller must include an explanation of the reasons for the delay.
   If the data breach may result in a high risk to the rights or freedoms of individuals, the Data Controller must inform the affected data subjects without undue delay.
3. Data Protection Impact Assessment (DPIA):
   If a certain type of processing—particularly using new technologies—may likely result in high risks to the rights or freedoms of natural persons, the Data Controller must conduct a data protection impact assessment before processing begins. For similar processing activities that present similar high risks, a single assessment may be carried out.
4. Prior Consultation:
   If the DPIA indicates that processing would result in high risks if the Data Controller does not take measures to mitigate those risks, the Data Controller must consult with the supervisory authority before processing begins.
5. Training and Confidentiality:
   All employees and collaborators with access to personal data, who are involved in processing, have been appropriately trained and act based on special authorizations and confidentiality agreements.
6. Data Protection Officer (DPO):
   The Data Controller has not appointed a Data Protection Officer (DPO) as there is no legal obligation to do so. For matters related to data protection, you can contact the company at the following email address: angelikawarlikowska@gmail.com and phone number: +48 722 082 698.

Data of Minors:
By default, all activities of the Data Controller are directed at adults who are capable of making decisions or influencing such decisions. If the legal guardians of a minor become aware that the minor has filled out a form available on the websites of services belonging to Angelika Warlikowska, please contact the Data Controller to have these data removed from the database or to withdraw consent by sending an email to: angelikawarlikowska@gmail.com.

Transfer of Personal Data:

1. The entities to which the Data Controller may transfer personal data include: collaborators of Angelika Warlikowska, accounting offices, law firms, national debt registers, and trusted partners. All these entities process personal data in a manner that guarantees the highest level of data security.
2. Angelika Warlikowska does not transfer and will not transfer personal data to recipients in third countries or to international organizations.

User Rights:
A person whose data is being processed:
a) has the right to obtain confirmation from the Data Controller as to whether their personal data is being processed, and if so, the right to access it and receive certain information (Article 15 of the EU General Data Protection Regulation),
b) has the right to request from the Data Controller the immediate rectification of any inaccurate personal data (Article 16 of the EU General Data Protection Regulation),
c) has the right to request the immediate erasure of personal data in certain circumstances (Article 17 of the EU General Data Protection Regulation),
d) has the right to request from the Data Controller the restriction of processing in specified cases (Article 18 of the EU General Data Protection Regulation),
e) has the right to receive personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used, and machine-readable format,
f) has the right to transmit that personal data to another controller without hindrance from the Data Controller,
g) has the right to object to the processing of their personal data (Article 21 of the EU General Data Protection Regulation),
h) has the right not to be subject to decisions based solely on automated processing, including profiling (Article 22 of the EU General Data Protection Regulation).

The Data Controller allows the data subject to exercise these rights as specified in the provisions of the EU General Data Protection Regulation.

Withdrawal of Consent for Data Processing:
At any time, a data subject may withdraw their consent to the processing of personal data. The withdrawal of consent does not affect the legality of the processing based on consent before it was withdrawn.
Withdrawing consent for the processing of personal data necessary for the performance of a contract may result in the termination of service provision. The Data Controller will inform the individual promptly after the withdrawal of such consent.
The withdrawal of consent can be made by sending an email to: angelikawarlikowska@gmail.com with the appropriate statement. Below is an example of the statement:
“On behalf of (company name) with its registered office at (address), as its (position of the person making the statement, along with their authority to represent the entity) / or I – (first name and surname, address of residence) – hereby withdraw my consent for the processing of my personal data by Angelika Warlikowska.”

Data Retention:
Angelika Warlikowska processes personal data for the period specified in a separate consent for data processing expressed by the data subject. After the specified periods, the data will be anonymized and processed solely for statistical purposes. Data obtained through newsletters and comments will be processed for the duration of the newsletter and comments on the blog. An earlier cancellation of the electronic newsletter subscription or request for comment removal will result in the deletion of the data from the database.

Changes to the Privacy Policy:
This Privacy Policy applies solely to the website of the Data Controller. The services may include links or references to other websites that have their own, separate Privacy Policy.
This Privacy Policy may be subject to changes due to the development of internet technologies or changes in legal regulations. The user should periodically review the contents of this document.