Hello,

If you’ve landed on this page, it means that the protection of your personal data is important to you. I want to assure you that I care about your privacy and it is important to me. For this purpose, I have implemented not only legal but also technical measures to further strengthen its protection.

In accordance with the GDPR, below I present to you the principles of processing your personal data by me. Please review the most important questions regarding your personal data, and if you have any doubts or additional questions regarding the privacy policy, feel free to contact me at: kontakt@gosiagalbas.com

PRIVACY POLICY

§1 Who is the Administrator of your personal data?

The data administrator is Małgorzata Galbas, conducting business under the name Malgorzata Galbas, EU VAT ID ATU76362348, address: Franz Kneissl Strasse 15, 6330 Kufstein, Austria. You can contact the Administrator by email at: kontakt@gosiagalbas.com

§2 For what purpose do I collect your data and how long do I store it?

I may process your data for the following purposes:

Communication with you, including responding to inquiries sent via the contact form, email, etc. Data will be processed based on the legitimate interest of the Administrator in the form of communication with Users of the Site (Art. 6 (1) (f) GDPR). Your data will be processed no longer than until you object or the business purpose ceases. Providing this data is voluntary, but necessary for communication with you. Data may also be processed for archival purposes for internal use based on the legitimate interest of the Administrator (Art. 6 (1) (f) GDPR) until you object or the business purpose ceases.

Entering into and executing a contract (placing an order).

Establishment, defense, and pursuit of claims

Fulfilling legal obligations incumbent on the Administrator (including tax and archival duties). Data necessary for the conclusion and execution of the contract will be processed for the duration of the contract, including the period of exercising rights arising from the contract, such as the right to a warranty claim (Art. 6 (1) (b) and (f) GDPR). Providing this data is voluntary but necessary for the conclusion and execution of the contract.

Additional data provided for the purpose of facilitating the execution of the contract will be processed no longer than until you object or the business purpose ceases based on the legitimate interest in the form of customer service (Art. 6 (1) (f) GDPR).

After this period, data will be processed for the period of limitation of claims based on the legitimate interest of the Administrator to defend against claims, as well as to establish and pursue claims (Art. 6 (1) (f) GDPR).

In cases where data is necessary to fulfill legal obligations incumbent on the Administrator (such as issuing and storing invoices) – data will be processed for this purpose no longer than 6 years (archival obligations concerning accounting documents), unless legal provisions require a longer period (Art. 6 (1) (c) GDPR).

Data may also be archived for internal and statistical purposes until you object or the business purpose ceases based on the legitimate interest of the Administrator (Art. 6 (1) (f) GDPR).

Providing marketing information (including sending newsletters and information about services, products, promotions, free content using other tools, e.g., chatbot, by phone). Data will be processed based on the legitimate interest of the Administrator in the form of marketing the Administrator’s products and services (Art. 6 (1) (f) GDPR). Your data will be processed no longer than until you object or the business purpose ceases – whichever occurs first. Providing data is voluntary, however, necessary to receive marketing/commercial information.

For the purposes of commercial communication and telephone communication, I need your consent in accordance with Art. 10 of the Act on the provision of electronic services. You can withdraw it at any time by clicking the link in the footer of the email or by writing to me at the address provided above.

Administration and management of the website and groups on social media platforms (including Facebook (Meta), Instagram, LinkedIn) in the case of data processing on social media platforms, including communication with you, directing marketing content to you. This data will be processed only when you decide to like the page/join the group/select the “Follow” option or otherwise leave your data on the platform managed by me, e.g., by posting an entry or comment. The data will be processed for the duration of the existence of the page/group or until you object, which may occur by unclicking the “Like”, “Follow” options, deleting the comment/post, or in another way provided within the platform/page or by contacting me. I inform you that the rules relating to the page/fan page/group are set by the Administrator, while the rules of using the social media portal on which the page/fan page/group is located are set by the entity managing these portals.

Analytical and statistical

Data processed for analytical and statistical purposes, particularly the analysis of data obtained automatically when using the website, including cookies, are processed based on the legitimate interest of the Administrator in the form of adapting the content of the Site to the preferences of the User and optimizing the use of the Site; creating statistics that help understand how Users use the Site, which enables improving its structure and content (Art. 6 (1) (f) GDPR). Data may also be archived for internal and statistical purposes until you object or the business purpose ceases based on the legitimate interest of the Administrator (Art. 6 (1) (f) GDPR).

Recovering abandoned carts

In the situation when you do not complete placing an order, you will receive a reminder about the started but uncompleted order. The data will be processed based on the legitimate interest of the Administrator in the form of serving potential Customers and Customers (Art. 6 (1) (f) GDPR). This data will be processed for the time necessary to achieve business purposes or until you object.

Posting comments

Regarding the data visible on our Site next to the posted comment, this data is processed for the purpose of administering the Site and its service and communication with you based on the legitimate interest of the Administrator (Art. 6 (1) (f)) for the time necessary to achieve business purposes or until you object.

Promotions and marketing

In the situation when you provide me with your data, particularly in the form of an opinion concerning a product or service, including data concerning the image, this data will be processed based on the legitimate interest of the Administrator in the form of marketing the Administrator’s services and products and improving their quality. This data will be processed for the time necessary to achieve business purposes or until you object. Providing data is voluntary.

Collecting sensitive data

Sensitive data are collected for the purpose of the contract and its proper performance based on your conscious and voluntary consent (Art. 9 (2) (a) GDPR) – until the business purpose ceases or consent is withdrawn. Providing data is voluntary but necessary for the proper execution of the contract.

Recruitment

Data may be processed for the time necessary for the recruitment process and the conclusion of the contract (Art. 6 (1) (b) and 6 (1) (c) GDPR), and in the case of additional data voluntarily provided – based on your consent; for future recruitment purposes – based on the consent expressed by you, for a maximum period of 3 years (this period is counted from the end of the year in which the application was obtained). Providing personal data is voluntary, however, providing some data may be necessary for the recruitment process, as well as for the conclusion of the contract. The consequence of not providing this data will be the inability to carry out the aforementioned activities.

§3 Who may I transfer your data to?

I transfer your data to other entities only when it is necessary to achieve the processing purposes mentioned in §2, and only to the extent necessary to fulfill these purposes. As a rule, I collect and process only the data that you have provided to me, except for data collected automatically (cookies). You can find more about cookies in §7.

If necessary, your data may be transferred to entities with whom I cooperate in achieving the aforementioned purposes, particularly to hosting companies, IT companies/entities managing the site, accounting service providers, invoice software providers, newsletter service providers, cloud service providers, marketing service providers, administrative service providers, consulting service providers, subcontractors, training platforms, social media platforms, customer service platforms, appointment scheduling platforms, product sharing or service provision platforms, and other entities that support the Administrator in achieving the processing objectives.

As a rule, data will not be transferred outside the EEA, except in the situations described below. In other cases, when data is transferred outside the EEA, this will occur based on your consent, standard contractual clauses, or other safeguards provided in the GDPR after fulfilling, among others, the information obligation.

Services provided by Google or Facebook (META) are, as a rule, provided by entities based in the European Union. However, due to the global nature of these entities’ operations, your data may be transferred to the USA, in connection with their storage on American servers (wholly or in part). Regardless of this, Google and Facebook have implemented safeguards provided by the GDPR aimed at protecting personal data in accordance with the requirements of the GDPR by using standard contractual clauses. More information about the data processing rules by the aforementioned providers can be found in the privacy policies of each entity.

English Translation:

§4 What rights do you have?

Under the GDPR, you have the right to:

  • Access your personal data,
  • Rectify your personal data,
  • Erase your personal data,
  • Restrict the processing of your personal data,
  • Object to the processing of your personal data,
  • Transfer your personal data,
  • Withdraw consent; withdrawing consent does not affect the legality of processing carried out before its withdrawal. If you believe that your personal data is being processed in violation of the law, you have the right to file a complaint with the President of the Personal Data Protection Office. However, I encourage you to contact me first to clarify any doubts.

§5 Is your data profiled?

The Administrator analyzes personal data in an automated manner using tools provided by software providers (e.g., through statistics, history) only to the extent that it does not have any legal effects on you or similarly significantly affect your situation, including your rights or freedoms. The purpose of automated data processing is to understand the preferences of Users (more about the analysis is specified in the Cookie Policy section).

§6 Legal provisions applicable to personal data

In matters not regulated, the relevant legal provisions apply, including European law (e.g., GDPR).

§7 Cookie Policy

The Site does not automatically collect any information, except for information contained in cookies. These data are collected in a way that does not allow for the identification of the User, referred to as Anonymous Data.

Cookies (so-called “cookies”) are computer data, particularly text files, stored in the end device of the Site User and intended for use with the Site. Cookies usually contain the name of the website from which they originate, the storage time on the end device, and a unique number.

Cookies are used to adapt the content of the Site to the User’s preferences and to optimize the use of the Site; creating statistics that help understand how Users use the Site, which enables the improvement of its structure and content.

You can independently change the settings related to cookies. In many cases, the web browser by default allows the storage of cookies on the end-user’s device. Detailed information on the possibility and ways of handling cookies is available in the software settings (web browser). Not consenting to cookies may limit the functioning of certain functionalities on the Site.

The Administrator uses technologies to monitor the actions taken by the User within the Site:

  • Facebook conversion pixel (Meta) provided by Meta Platforms Ireland Limited – for managing ads on Meta and conducting remarketing activities; Facebook Pixel is a piece of code published on a website that allows targeting a group based on data of people who have used the website. Hence, within the Facebook Pixel function, it is possible to display ads published on Meta’s portal only to users of the portal who have shown interest in products or services or share common factors with the aforementioned persons. These data are processed based on the legitimate interest of the Administrator (Art. 6 (1) (f) GDPR). Detailed information about the Facebook Pixel can be found on the Facebook Privacy Policy page (Meta).
  • Google tools, including Google Analytics provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data obtained in the course of using the aforementioned tool is used to analyze the statistics of the Site. Google Analytics uses its own cookies to analyze the actions and behaviors of Users of the Site. These files are used to store information, e.g., from which page the User came to the current website. They help improve the Site; These data are processed based on the legitimate interest of the Administrator (Art. 6 (1) (f) GDPR). Detailed information about the Facebook Pixel can be found on the page concerning the rules of using Google tools.

§8 Social Plugins

On the website, plugins, widgets, and other social tools provided by platforms such as Facebook (Meta), Instagram, Google, YouTube, LinkedIn, and Mailerlite are used. The rules regarding the processing of personal data are described directly on the pages of the aforementioned service providers.

§9 Co-administration

Data processed for the purposes of statistics collected within the Facebook (Meta) platform are co-administered by the Administrator and Meta Platforms Ireland Limited, located at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, hereinafter referred to as the Co-administrator. Detailed rules regarding the co-administration of data, including information about the rights available, have been described on the Privacy Policy page.

Data processed within the LinkedIn platform are co-administered by the Administrator and LinkedIn Ireland Unlimited Company, address: Legal Dept. (Privacy Policy and User Agreement), Wilton Place, Dublin 2, Ireland, hereinafter referred to as the Co-administrator. Detailed rules regarding the co-administration of data, including information about the rights available, have been described on the Privacy Policy page.

The Administrator processes data based on the legitimate interest of the Administrator which involves conducting analyses of User activities and preferences, in order to improve the functionalities used and services provided. In matters concerning personal data, one can contact both the Administrator and the Co-administrator.