Privacy Policy

1. This Privacy Policy governs the processing of personal data obtained through the sandrasinger.blog (hereinafter referred to as the “Blog“).
2. The owner of the Blog and at the same time the data administrator is the company Neseex Sp. z o.o. based in Kielczow, Ogrodowa Street, No. 79, 55-093, NIP 8961555513, REGON 365686782, e-mail:
   sandra@smile2.life, which is also the owner of the Blog.
3. Personal data collected by Neseex Sp. z o.o. through the Blog are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), also known as GDPR.
4. Neseex Sp. z o.o. takes special care to respect the privacy of Customers visiting the Blog.

§ 1 Type of data processed, purposes and legal basis

1. Neseex Sp z o.o. collects information concerning natural persons performing a legal action not directly related to their activity, natural persons conducting a business or professional activity on their own behalf, and natural persons representing legal persons or organizational units that are not legal persons, to which the law grants legal capacity, conducting a business or professional activity on their own behalf, hereinafter collectively referred to as Customers.
2. Customers’ personal data are collected in the case of subscription to the newsletter (Newsletter), in order to perform the agreement the subject of which is the service provided electronically. Legal basis – consent of the data subject for the performance of the contract for the Newsletter service (Article 6(1)(a) GDPR); d)use of the contact form service in the Online Store for the performance of the contract for the service provided electronically. Legal basis: necessary for the performance of the contract for the provision of the contact form service (Article 6(1)(b) GDPR).
3. When using the Newsletter service, the Customer shall provide the following data:
   A. e-mail address;
   B. first and last name.
4. Navigation data may also be collected from Customers, including information about the links and references they choose to click on or other actions they take on our Blog. Legal basis – legitimate interest (Article 6(1)(f) GDPR) to facilitate the use of electronically provided services and to improve the functionality of such services.
5. Submission of personal data to Neseex z o.o. is voluntary.

§ 2 To whom is the data shared or entrusted and how long is it kept?

1. The Customer’s personal data is transferred to service providers used by Neseex Sp z o.o. in the operation of the Online Store. Service providers to whom personal data is transferred, depending on contractual arrangements and circumstances, either are subject to the instructions of Neseex Sp. z o.o. as to the purposes and methods of processing such data. Neseex Sp z o.o. uses suppliers who process personal data only at the direction of Neseex Sp z o.o.. These include, but are not limited to, suppliers providing hosting services, accounting services, providing marketing systems, Blog traffic analysis systems, and systems for analyzing the effectiveness of marketing campaigns.
2. Location. Service providers are mainly based in Poland and other countries in the European Economic Area (EEA).
3. Customers’ personal data are stored and processed by Neseex Sp z o.o. as long as the consent is not revoked, and after revocation of consent for a period of time corresponding to the period of limitation of claims that Neseex Sp z o.o. may raise and that may be raised against it. Unless a special provision provides otherwise, the statute of limitations is six years, and for claims for periodic benefits and claims related to the conduct of business – three years.

§ 3 Mechanism of cookies, IP address

1. The Blog uses small files, called cookies. These are stored by Neseex z o.o. on the Blog visitor’s terminal device, if the web browser allows it. A cookie usually contains the name of the domain from which it originated, its “expiration time” and an individual random number identifying the cookie. The information collected through files of this type helps to customize the products offered by Neseex Sp z o.o. to the individual preferences and real needs of visitors to the Online Store. They also give the possibility to develop general statistics of visits to the presented products in the Blog.
2. Neseex z o.o. uses two types of cookies:
   A. Session cookies: when the session of a particular browser ends or the computer is turned off, the stored information is deleted from the memory of the device. The mechanism of session cookies does not allow the collection of any personal data or any confidential information from the Clients’ computers.
   B. Persistent cookies: they are stored in the memory of the Client’s final device and remain there until they are deleted or expire. The mechanism of permanent cookies does not allow any personal data or any confidential information to be collected from the Clients’ computer.
3. Neseex z o.o. uses proprietary cookies for the purpose of analysis and research, as well as audience auditing, and in particular to create anonymous statistics that help to understand how customers use the Blog, so as to improve its structure and content.
4. Neseex Sp z o.o. uses external cookies for the following purposes:
   A. to popularize the Blog via the social networking site facebook.com (administrator of external cookies: Facebook Inc. with its registered office in the USA or Facebook Ireland with its registered office in Ireland);
   B. to collect general and anonymous statistical data via Google Analytics tools (administrator of external cookies: Google Poland sp. z o.o. based in Warsaw);
5. The mechanism of cookies is safe for the computers of the Clients of the Blog. In particular, by this route it is not possible for viruses or other unwanted software or malware to enter the Clients’ computers. Nevertheless, in their browsers Customers have the option to limit or disable the access of cookies to computers. If this option is exercised, the use of the Blog will be possible, except for functions that by their nature require cookies.
6. The blog contains links and references to other websites. Neseex Sp z o.o. is not responsible for the privacy policies on them.

§ 4 Rights of data subjects

1. Right to withdraw consent – legal basis: Article 7(3) of the GDPR.
   A. The customer has the right to revoke any consent given by Neseex Sp z o.o.
   B. Revocation of consent has effect from the moment of revocation.
   C. Withdrawal of consent does not affect the processing performed by Neseex Sp z o.o. in accordance with the law prior to its withdrawal.
   D. Withdrawal of consent does not entail any negative consequences for the Customer, but it may prevent further use of services or functionalities that, according to the law, Neseex Sp z o.o. can provide only with consent.
2. The right to object to the processing of data – legal basis: article 21 GDPR.
   A. The Customer has the right at any time to object – for reasons related to his/her particular situation – to the processing of his/her personal data, including profiling, if Neseex Sp z o.o. processes his/her data on the basis of a legitimate interest, keeping statistics on the use of particular Blog functionalities and facilitating the use of the Blog, as well as satisfaction surveys.
   B. Opting out in the form of an e-mail from receiving marketing communications regarding products or services will imply the Customer’s objection to the processing of his/her personal data, including profiling for these purposes.
   C. If the Customer’s objection proves to be valid and Neseex z o.o. has no other legal basis for processing the personal data, the Customer’s personal data will be deleted, against the processing of which, the Customer has objected.
3. Right to erasure of data (“right to be forgotten”) – legal basis: art. 17 GDPR.
   A. Customer has the right to request deletion of all or some of the personal data.
   B. Customer has the right to request deletion of personal data if: a. Personal data are no longer necessary for the purposes for which they were collected or for which they were processed; b. has withdrawn specific consent, to the extent that personal data was processed based on his or her consent; c. has objected to the use of his/her data for marketing purposes; d. personal data is processed illegally; e. personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State to which Neseex z o.o. is subject; f. personal data was collected in connection with offering information society services.
4. The right to restrict data processing – legal basis: art. 18 GDPR.
   A. The customer has the right to request the restriction of the processing of his personal data. The submission of a request, pending its processing, prevents the use of certain functionalities or services, the use of which will involve the processing of data covered by the request. Neseex Ltd. will also not send any communications, including marketing.
   B. The customer has the right to request a restriction on the use of personal data in the following cases: a. when he or she questions the correctness of his or her personal data – then Neseex Sp z o.o. restricts their use for the time necessary to verify the correctness of the data, but no longer than for 7 days; b. when the processing of the data is unlawful, and instead of deleting the data, the customer requests a restriction on its use; c. when the personal data is no longer necessary for the purposes for which it was collected or used but is needed by the Customer to establish, assert or defend claims; d. when he or she has objected to the use of his or her data, in which case the restriction shall be for the time necessary to consider whether, due to the particular situation, the protection of the Client’s interests, rights and freedoms outweighs the interests pursued by the Administrator in processing the Client’s personal data.
5. Right of access to data – legal basis: art. 15 GDPR.
   A. Customer has the right to obtain confirmation from the Administrator as to whether it is processing personal data, and if it is, Customer has the right: a. gain access to your personal information; b. obtain information about the purposes of processing, the categories of personal data processed, the recipients or categories of recipients of such data, the planned period of storage of the Customer’s data or the criteria for determining this period (when it is not possible to determine the planned period of data processing), the Customer’s rights under the GDPR and the right to lodge a complaint with a supervisory authority, the source of such data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of such data outside the European Union; c. obtain a copy of your personal data.
6. Right to rectification of data – legal basis: art. 16 GDPR. The customer has the right to request from the Administrator the immediate rectification of personal data concerning him that is incorrect. Taking into account the purposes of the processing, the Data Subject Customer has the right to request the completion of incomplete personal data, including by providing an additional statement, by directing the request to the e-mail address in accordance with §6 of the Privacy Policy.
7. The right to data portability – legal basis: art. 20 GDPR. The customer has the right to receive his/her personal data, which he/she provided to the Administrator, and then send it to another personal data controller of his/her choice. The customer also has the right to request that the personal data be sent by the Administrator directly to such an administrator, if technically possible.
8. In a situation where the Customer has asserted its rights under the above rights, Neseex Sp z o.o. shall either fulfill the request or refuse to do so immediately, but no later than one month after receipt. However, if – due to the complexity of the request or the number of requests – Neseex Sp z o.o. will not be able to fulfill the request within one month, it will fulfill it within another two months informing the Client in advance – within one month of receiving the request – of the intended extension of the deadline and the reasons for it.
9. The Customer may submit complaints, inquiries and requests to the Administrator regarding the processing of his personal data and the exercise of his rights.
10. The customer has the right to lodge a complaint with the President of the Office for Personal Data Protection regarding violation of his/her data protection rights or other rights granted under the GDPR.

§ 5 Changes to the Privacy Policy

1. The Privacy Policy is subject to change, of which Neseex Sp z o.o. will inform Customers 7 days in advance.
2. For questions related to the Privacy Policy, please contact: sandra@smile2.life