Privacy Policy

This Privacy Policy sets forth the principles for storing and accessing data on Users’ Devices using the Service for the purpose of providing electronic services by the Administrator, as well as the rules for collecting and processing Users’ personal data that have been provided voluntarily via tools available in the Service.

This Privacy Policy is an integral part of the Service’s Terms of Use, which define the rules, rights, and obligations of Users utilizing the Service.

§1 Definitions

• Service – The online service “BIZPRO POLAND SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ” operating under the address cryptofirma.pl.
• External Service – Websites of partners, service providers, or recipients cooperating with the Administrator.
• Administrator of the Service/Data – The Administrator of the Service and Data (hereinafter referred to as “Administrator”) is BIZPRO POLAND SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, operating at: ul. MICHAŁA KLEOFASA OGIŃSKIEGO, No. 11, Apt. 9, Warsaw, 03-318, Poland, with tax identification number (NIP): 5243013287, providing electronic services via the Service.
• User – A natural person for whom the Administrator provides electronic services via the Service.
• Device – An electronic device with software through which the User accesses the Service.
• Cookies – Text data collected in the form of files placed on the User’s Device.
• GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation).
• Personal Data – Information about an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
• Processing – Any operation or set of operations performed on personal data, whether or not by automated means, such as collecting, recording, organizing, structuring, storing, adapting, or altering, retrieving, consulting, using, disclosing by transmission, disseminating, or otherwise making available, aligning, or combining, restricting, erasing, or destroying.
• Restriction of Processing – Marking stored personal data to limit its future processing.
• Profiling – Any form of automated processing of personal data to evaluate certain personal aspects of a natural person, in particular to analyze or predict aspects concerning that person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
• Consent – A voluntary, specific, informed, and unambiguous indication of the data subject’s wishes by which they, through a statement or clear affirmative action, signify agreement to the processing of personal data relating to them.
• Personal Data Breach – A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data transmitted, stored, or otherwise processed.
• Pseudonymization – Processing personal data in a way that the data can no longer be attributed to a specific data subject without additional information, provided that such additional information is stored separately and is subject to technical and organizational measures to ensure non-attribution to an identified or identifiable natural person.
• Anonymization – An irreversible process of data operation that destroys/overwrites personal data, making it impossible to identify or link a given record to a specific user or individual.

§2 Data Protection Officer
In accordance with Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer. For matters related to data processing, including personal data, please contact the Administrator directly.

§3 Types of Cookies

• Internal Cookies – Files placed and read from the User’s Device by the Service’s telecommunication system.
• External Cookies – Files placed and read from the User’s Device by telecommunication systems of External Services. Scripts and services of External Services that may place cookies on the User’s Devices are intentionally implemented in the Service.
• Session Cookies – Files placed and read from the User’s Device by the Service during one session of a given Device. After the session ends, these files are deleted from the User’s Device.
• Persistent Cookies – Files placed and read from the User’s Device by the Service until they are manually deleted. These files are not automatically deleted after the session ends unless the User’s Device settings are configured to clear cookies after the session ends.

§4 Data Storage Security

• Mechanisms for storing and reading Cookies – The mechanisms for storing, reading, and exchanging data between Cookies stored on the User’s Device and the Service are implemented through built-in browser mechanisms and do not allow the retrieval of other data from the User’s Device or data from other websites visited by the User, including personal or confidential data. The transfer of viruses, trojans, and other worms to the User’s Device is practically impossible.
• Internal Cookies – Cookies used by the Administrator are safe for Users’ Devices and do not contain scripts, content, or information that could endanger the security of personal data or the Device.
• External Cookies – The Administrator takes all possible measures to verify and select Service partners regarding User safety. However, the Administrator does not have full control over the content of Cookies from External Services. The Administrator is not responsible for the safety, content, or compliance of Cookies from External Services as far as the law permits.

§5 Purposes for Which Cookies Are Used
• Improving and facilitating access to the Service
• Personalizing the Service for Users
• Marketing, remarketing on external platforms
• Advertising services
• Affiliate services
• Statistical analysis (users, number of visits, types of devices, connections, etc.)
• Providing multimedia services
• Offering social networking services

§6 Purposes of Personal Data Processing
Personal data voluntarily provided by Users is processed for one of the following purposes:
• Execution of electronic services:
• Providing information about the content posted on the Service on social networks or other websites.
• Communication between the Administrator and Users regarding the Service and data protection.
• Ensuring the legitimate interests of the Administrator.
Data on Users, collected anonymously and automatically, is processed for one of the following purposes:
• Statistical analysis
• Remarketing
• Serving ads tailored to Users’ preferences
• Managing affiliate programs
• Ensuring the legitimate interests of the Administrator

§7 External Services’ Cookies
The Administrator uses JavaScript scripts and web components from partners, who may place their own cookies on the User’s Device. Remember that you can manage cookie permissions for specific websites in your browser settings. Below is a list of partners or their services implemented in the Service that may place cookies:
• Multimedia services
• Social/networking services (Registration, Login, sharing content, communication, etc.):
• Facebook
• Google+
Services provided by third parties are beyond the control of the Administrator. These entities may change their terms of service, privacy policies, data processing purposes, and methods of using cookies at any time.

§8 Types of Data Collected
The Service collects data about Users. Some data is collected automatically and anonymously, while other data is personal, voluntarily provided by Users during registration for specific services offered by the Service.

Anonymous data collected automatically:
• IP address
• Browser type
• Screen resolution
• Approximate location
• Subpages of the Service accessed
• Time spent on specific subpages
• Operating system type
• URL of the previous page
• Referring page address
• Browser language
• Internet connection speed
• Internet service provider
• Demographic data (age, gender)

Data collected during registration:
• Email address
• IP address (collected automatically)

Data collected during subscription to the Newsletter:
• Email address

Some data (excluding identifying data) may be stored in cookies. Some data (excluding identifying data) may be shared with statistical service providers.

§9 Access to Personal Data by Third Parties
As a rule, the sole recipient of personal data provided by Users is the Administrator. Data collected as part of the provided services is not shared or sold to third parties.
Access to data (usually based on a Data Processing Agreement) may be granted to entities responsible for maintaining the infrastructure and services necessary for the operation of the Service, such as:

§10 Method of Processing Personal Data
Personal data voluntarily provided by Users:
• Personal data will not be transferred outside the European Union unless published as a result of an individual User’s action (e.g., posting a comment or entry), making the data accessible to anyone visiting the Service.
• Personal data will not be used for automated decision-making (profiling).
• Personal data will not be sold to third parties.

Anonymous data (non-personal data) collected automatically:
• Anonymous data may be transferred outside the European Union.
• Anonymous data will not be used for automated decision-making (profiling).
• Anonymous data will not be sold to third parties.

§11 Legal Basis for Processing Personal Data
The Service collects and processes Users’ data based on:
• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation):
• Article 6(1)(a): The data subject has given consent to the processing of their personal data for one or more specific purposes.
• Article 6(1)(b): Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
• Article 6(1)(f): Processing is necessary for the purposes of legitimate interests pursued by the Administrator or by a third party.
• The Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws 2018, item 1000).
• The Act of 16 July 2004 on Telecommunications Law (Journal of Laws 2004, No. 171, item 1800).
• The Act of 4 February 1994 on Copyright and Related Rights (Journal of Laws 1994, No. 24, item 83).

§12 Duration of Personal Data Processing
Personal data voluntarily provided by Users:
• As a rule, personal data is stored only for the duration of the services provided within the Service by the Administrator. It is deleted or anonymized within 30 days of the end of the services (e.g., deletion of a user account, unsubscription from the Newsletter, etc.).
• An exception applies to situations requiring the protection of legally justified purposes for further processing of this data by the Administrator. In such cases, the Administrator will store the data, following a User’s request for its deletion, for no longer than 3 years in the event of a violation or suspected violation of the Service’s terms and conditions by the User.

Anonymous data (non-personal data) collected automatically:
• Anonymous statistical data, which does not constitute personal data, is stored by the Administrator indefinitely for the purpose of maintaining Service statistics.

§13 Users’ Rights Related to the Processing of Personal Data
The Service collects and processes Users’ data based on:

• Right of Access to Personal Data
• Users have the right to access their personal data upon request submitted to the Administrator.
• Right to Rectify Personal Data
• Users have the right to request the Administrator to promptly correct any inaccurate personal data and/or complete incomplete data. This right is exercised upon request submitted to the Administrator.
• Right to Erase Personal Data
• Users have the right to request the immediate deletion of their personal data by the Administrator. In the case of user accounts, data deletion involves anonymizing the data that identifies the User. The Administrator reserves the right to delay the fulfillment of a data deletion request to protect the Administrator’s legitimate interests (e.g., if the User has violated the Terms of Service or if the data was obtained during correspondence).
• For the Newsletter service, Users can delete their personal data independently by using the link provided in every email.
• Right to Restrict Processing of Personal Data
• Users have the right to restrict the processing of their personal data in cases specified in Article 18 of the GDPR, such as disputing the accuracy of the data. This right is exercised upon request submitted to the Administrator.
• Right to Data Portability
• Users have the right to obtain their personal data from the Administrator in a structured, commonly used, and machine-readable format. This right is exercised upon request submitted to the Administrator.
• Right to Object to the Processing of Personal Data
• Users have the right to object to the processing of their personal data in cases specified in Article 21 of the GDPR. This right is exercised upon request submitted to the Administrator.
• Right to File a Complaint
• Users have the right to file a complaint with a supervisory authority responsible for personal data protection.

§14 Contact with the Administrator
The Administrator can be contacted via the following methods:
• Postal Address: ul. Michała Kleofasa Ogińskiego, No. 11, Apt. 9, Warsaw, 03-318
• Email Address: cryptofirma.pl@gmail.com
• Phone Number: +48 516 608 809
• Contact Form: Available at cryptofirma.pl

§15 Service Requirements
Restricting the ability to save and access Cookies on the User’s device may result in certain Service features not functioning properly.
The Administrator assumes no responsibility for malfunctioning Service features if the User restricts the ability to save or read Cookies in any way.

§16 External Links
The Service (including articles, posts, entries, or User comments) may contain links to external websites not affiliated with the Service Owner. These links and the sites or files they lead to may pose risks to your device or compromise the security of your data. The Administrator is not responsible for the content found outside the Service.

§17 Changes to the Privacy Policy
The Administrator reserves the right to change this Privacy Policy at any time without notifying Users regarding the use of anonymous data or the use of Cookies.

The Administrator reserves the right to make any changes to this Privacy Policy regarding the processing of Personal Data, and will notify Users with accounts or subscribed to the Newsletter via email within 7 days of the changes. Continued use of the services indicates acknowledgment and acceptance of the changes to the Privacy Policy. If the User disagrees with the changes, they are required to delete their account or unsubscribe from the Newsletter.

Changes to the Privacy Policy will be published on this subpage of the Service.
The changes take effect immediately upon publication.