Privacy policy

§1. Personal data administrator

1. The administrator of personal data within the meaning of Art. 4 point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (GDPR) is Beyond Training Karolina Safaryn-Girulska with its registered office in Chrząstawa Mała, ul. street Iglasta 7, 55-003 Czernica, NIP: 8982131534, REGON: 528211780.

2. E-mail address of the data administrator: karolina@beyondtraining.pl.

3. Administrator pursuant to Art. 32 section 1 GDPR complies with the principle of personal data protection and applies appropriate technical and organizational measures to prevent accidental or unlawful destruction, loss, modification, unauthorized disclosure or unauthorized access to personal data processed in connection with the business.

4. Providing personal data by the customer is voluntary, but necessary in order to conclude a contract with the data administrator.

5. The data administrator processes personal data to the extent necessary to perform the contract or provide services to the data subject.

§2. Purpose and basis for processing personal data

The administrator processes personal data for the following purposes:

a. preparing an offer in response to the customer's interest, which is the legitimate interest of the data controller (Article 6(1)(f) of the GDPR);

b. concluding and implementing contracts with customers, based on the concluded contract (Article 6(1)(b) of the GDPR);

c. provision of services electronically via websites, based on the concluded contract (Article 6(1)(b) of the GDPR);

d. handling the complaint process, based on the obligation imposed on the data controller in connection with applicable legal provisions (Article 6(1)(c) of the GDPR);

e. accounting related to issuing and accepting settlement documents, pursuant to the provisions of tax law (Article 6(1)(c) of the GDPR);

f. archiving data for the purpose of establishing, investigating or defending against claims or the need to prove facts, which is the legitimate interest of the data controller (Article 6(1)(f) of the GDPR);

g. contact by telephone or via e-mail, in particular in response to inquiries addressed to the data controller, which is the legitimate interest of the data controller (Article 6(1)(f) of the GDPR);

h. sending technical information regarding the functioning of the services used by the customer, which is the legitimate interest of the data controller (Article 6(1)(f) of the GDPR);

i. marketing, which is its legitimate interest (Article 6(1)(f) of the GDPR) or is based on previously granted consent (Article 6(1)(a) of the GDPR).

§3. Data recipients. Transfer of data to third countries

1. The recipients of personal data processed by the data controller may be entities cooperating with the data controller when it is necessary for the performance of the contract concluded with the data subject.

2. The recipients of personal data processed by the data controller may also be subcontractors - entities whose services the data controller uses to process data, e.g. accounting offices, law firms, entities providing IT services (including hosting services).

3. The data administrator may be obliged to provide personal data on the basis of applicable legal provisions, in particular to provide personal data to authorized authorities or state institutions.

4. Personal data in connection with the administrator's use of tools to analyze and track traffic on the website may be transferred to an entity based outside the European Economic Area, e.g. to Google LLC or to Meta Platforms Inc. As an appropriate data protection measure, the data controller has agreed to standard contractual clauses in accordance with Art. 46 GDPR with providers of these services. More information on this topic is available here: https://commission.europa.eu/law/law-topic/data-protection_en.

§4. Personal data storage period

1. The data controller stores personal data for the duration of the contract concluded with the data subject and after its expiry for purposes related to pursuing claims related to the contract, fulfilling obligations arising from applicable legal provisions, but for a period not longer than the limitation period in accordance with with the provisions of the Civil Code.

2. The data administrator stores personal data contained in settlement documents for the period specified in the provisions of tax law.

3. The data administrator stores personal data processed for marketing purposes for a period of 10 years, but no longer than until the consent to data processing is withdrawn or an objection to data processing is raised.

4. The data administrator stores personal data for purposes other than those indicated in section. 1-3 for a period of one year, unless consent to data processing has been withdrawn earlier and data processing cannot be continued on a basis other than the consent of the data subject.

§5. Rights of the data subject

1. Every data subject has the right:

a. access – obtaining confirmation from the administrator whether her personal data is being processed. If data about a person is processed, he or she is entitled to access them and obtain the following information: about the purposes of processing, categories of personal data, information about the recipients or categories of recipients to whom the data have been or will be disclosed, about the period of data storage or about the criteria for their processing. determining the right to request rectification, deletion or limitation of the processing of personal data of the data subject, and to object to such processing (Article 15 of the GDPR);

b. to receive a copy of the data - to obtain a copy of the data subject to processing, the first copy is free of charge, and for subsequent copies the administrator may impose a reasonable fee resulting from administrative costs (Article 15(3) of the GDPR);

c. to rectify - request the rectification of incorrect personal data or the completion of incomplete data (Article 16 of the GDPR);

d. to delete data - request the deletion of personal data if the administrator no longer has a legal basis for their processing or the data is no longer necessary for the purposes of processing (Article 17 of the GDPR);

e. to limit processing - request to limit the processing of personal data (Article 18 of the GDPR), when:

- the accuracy of the personal data is contested by the data subject - for a period enabling the controller to check the accuracy of the data,

- the processing is unlawful and the data subject objects to their deletion and requests restriction of their use,

- the controller no longer needs the data, but they are needed by the data subject to establish, pursue or defend claims,

- the data subject has objected to the processing - until it is determined whether the legitimate grounds of the controller override the grounds for the data subject's objection;

f. to transfer data - to receive personal data concerning him or her in a structured, commonly used, machine-readable format, which he or she provided to the administrator, and to request that these data be sent to another administrator if the data is processed on the basis of the data subject's consent or an agreement with contained therein and if the data are processed in an automated manner (Article 20 of the GDPR);

g. to object - to object to the processing of her personal data for the legally justified purposes of the administrator, for reasons related to her particular situation, including profiling. The controller then assesses the existence of valid legitimate grounds for processing, overriding the interests, rights and freedoms of data subjects, or grounds for establishing, pursuing or defending claims. If, according to the assessment, the interests of the data subject are more important than the interests of the controller, the controller will be obliged to stop processing data for these purposes (Article 21 of the GDPR).

2. To exercise the above-mentioned rights, the data subject should contact the controller using the provided contact details and inform him which right and to what extent he wants to exercise.

3. The data subject has the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office in Warsaw.

§6. Profiling

1. Personal data obtained by the data controller may be processed automatically - including in the form of profiling. Profiling of personal data performed by the data controller consists in assessing selected information about the data subject for the purposes of analyzing and forecasting personal preferences and interests, in particular for the possibility of providing the data subject with a personalized offer.

2. Automatic data processing performed by the data controller does not produce any legal effects for the data subject. The data subject may object to the automated processing of his or her data at any time.

§7. Google Analytics

1. The administrator uses Google Analytics, an online analytical service provided by Google Inc. based in the USA.

2. Google Analytics uses cookies that enable analysis of the user's use of the website. The information generated by the cookie about your use of the website is transmitted to and stored on a Google server. On behalf of the Administrator, Google will use this information to analyze the use of the website by users in order to prepare reports on website activity and provide other services related to the use of the website and the Internet to the ordering entity.

3. The data will not be used to identify any natural person.

4. The user can prevent cookies from being saved by using appropriate browser settings; however, in such a case you will not be able to use the full functionality of the website. In addition, users can prevent the collection by Google of data generated by cookies and relating to their use of the website (including the IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=pl .

5. At any time, the user may object to the collection and processing of data related to the use of the Google website by downloading and installing the browser plug-in, which is available at the following address: https://tools.google.com/dlpage/gaoptout?hl=en .

§8. Facebook pixel

1. The administrator uses Piksel Facebook, an analytical tool that helps measure the effectiveness of advertising based on the analysis of actions taken by users on the website.

2. The Administrator uses the Piksel Facebook tool to direct personalized ads to the Customer on Facebook. This involves the use of Facebook cookies. The legal basis for the Administrator's use of the Piksel Facebook tool is Art. 6 section 1 letter f GDPR.

§9. Social plugins

1. The administrator of the website uses plug-ins directing to social networking sites. The plugins in question are marked with the logo of a given social networking site.

2. Data is sent to social networking sites only when the user actively clicks on the appropriate plug-in button. After pressing the plug-in icon, the web browser will start a connection to the servers of a given social networking site, and the user will be redirected to the website of an external service provider, i.e. the owner of a given social networking site, and the user's web browser will establish a direct connection to the servers of these social networking sites. The use of these functions may involve the use of external cookies. From the moment you click on a given plug-in, personal data is processed on a given social networking site, and the owner of the social networking site becomes a co-controller of personal data. The Administrator informs that from the moment of actively clicking the plug-in button, the Administrator has no influence on the nature and scope of personal data collected by a given social networking site.

3. Data is sent regardless of whether the user has an account on a given social networking site or is logged in. If the user is logged in to a given social media platform, the collected personal data will be directly assigned to the account (profile) used by him.

4. For more information on the purpose and scope of collecting personal data, including the principles of their processing by the provider of a given portal, please read the privacy policies of these providers.

Cookie policy

1. The entity that places cookies on the user's end device and obtains access to them is Beyond Training Karolina Safaryn-Girulska.

2. The website does not automatically collect any information, except for information contained in cookies.

3. Cookies (so-called "cookies") are IT data, in particular text files, which are stored on the end device of the user using the systems and websites provided by the service provider and are intended for the use and operation of these systems and websites. Cookies usually contain the name of the website they come from, their storage time on the user's end device and a unique number.

4. Cookies used by the service provider are used for the following purposes:

- adapting the content of websites to user preferences and optimizing the use of websites; in particular, these files make it possible to recognize the user's device and properly display the website, tailored to its individual needs;

- creating statistics that help understand how users use systems and websites, which allows improving their structure and content;

- maintaining the user's session to enable return to the content of forms available on websites.

5. The following types of cookies are used within the systems and websites provided by the service provider:

- "session" (session cookies) and "persistent" (persistent cookies). "Session" cookies are temporary files that are stored on the user's end device until logging out, leaving the website or turning off the software (web browser). "Permanent" cookies are stored on the user's end device for the time specified in the cookie parameters or until they are deleted by the user;

- "necessary" cookies enabling the use of services available within systems and websites, e.g. authentication cookies used for services requiring authentication; cookies used to ensure security, e.g. used to detect abuses in the field of authentication within systems and websites;

- "functional" cookies, enabling "remembering" the settings selected by the user and personalizing the user interface, e.g. in terms of the selected language or region of origin, font size, appearance of the website, etc.

In many cases, the software used to browse websites (web browser) allows cookies to be stored on the user's end device by default. Users can change cookie settings at any time. These settings can be changed in particular in such a way as to block the automatic handling of cookies in the web browser settings or to inform each time they are placed on the user's device.

Detailed information about the possibilities and methods of handling cookies is available in the software (web browser) settings and is described here:

Opera browser,

Firefox browser,

Chrome browser,

Microsoft Edge browser,

Safari browser.

We would like to inform you that restrictions on the use of cookies may affect some functionalities available in systems or websites.

Privacy policy

§1. Personal data administrator

Cookie policy

PRIVACY POLICY

COOKIES POLICY