Although providing personal data is voluntary, providing some data may be necessary to perform the service, issue invoices, etc.  Failure to provide this data will make it impossible to achieve the purposes for which they are collected. Any data provided by the Subject that is not necessary, or excess data that does not need to be processed by the Data Controller, is provided by the Subject at his or her own discretion; in such situations, the processing occurs on the basis of the premise contained in Article 6 (1) (a) of the GDPR (consent). The Subject expresses his or her consent to the processing of this data and to the anonymization of data that the Data Controller does not require and does not want to process, which was nonetheless provided by the Subject to the Data Controller.

In accordance with art. 13(1–2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (the General Data Protection Regulation, hereinafter “GDPR”), I inform that:
As a Personal Data Controller, I hereby notify that I have not appointed the Personal Data Protection Inspector (PDPI) and perform my own duties related to the processing of personal data.

Your personal data will be processed for as long as necessary for the following purposes:

a) Performing the service or the concluded Contract, sending an offer (e.g. advertising) at your request — pursuant to Article 6 (1) (b) of the GDPR (necessity in order to conclude and/or perform a Contract or take action upon request);

b) For the purpose of direct marketing of own products or services addressed to you — pursuant to Article 6 (1) (f) of the GDPR (legitimate interest of the Data Controller)

c) Establishing, pursuing or defending against claims — pursuant to Article 6 (1) (f) of the GDPR (legitimate interest of the Data Controller)

d) Issuing an invoice, bill and complying with other obligations resulting from the provisions of tax and laws and archiving regulations — pursuant to Article 6 (1) (c) of the GDPR (obligation resulting from legal provisions), Article 6 (1) (b) of the GDPR (necessity in order to conclude and/or perform a Contract);

e) Contact by e-mail in matters related to the implementation of the contract, services, billing issues and answering questions — pursuant to Article 6 (1) (b) of the GDPR (necessity in order to conclude and/or perform a Contract), Article 6 (1) (f) of the GDPR (legitimate interest of the Data Controller);

f) Postal correspondence via courier and postal services in matters related to the implementation of the contract, services, billing issues — pursuant to Article 6 (1) (b) of the GDPR (necessity in order to conclude and/or perform a Contract);

g) Contact by phone in matters related to the implementation of the services, inquiries — pursuant to Article 6 (1) (b) of the GDPR (necessity in order to conclude and/or perform a Contract), pursuant to Article 6 (1) (f) of the GDPR (legitimate interest of the Data Controller);

h) Data Controller’s promotion and advertising, if consent was given for this purpose — pursuant to Article 6 (1) (a) of the GDPR (consent);

i) Recording and processing of your image in order to perform the contract and services, defend against claims and demonstrate the correctness of the provided services — pursuant to Article 6 (1) (b) of the GDPR (necessity in order to conclude and/or perform a Contract), pursuant to Article 6 (1) (f) of the GDPR (legitimate interest of the Data Controller);

j) In order to disseminate your image, if consent was given for this purpose — pursuant to Article 6 (1) (a) of the GDPR (consent), Article 6 (1) (b) of the GDPR (necessity in order to conclude and/or perform a Contract);

k) For creating records related to the GDPR and other regulations — pursuant to Article 6 (1) (c) of the GDPR (obligation resulting from legal provisions);

l) Concluding entrustment contracts and keeping a register of entrustment contracts — pursuant to Article 6 (1) (c) of the GDPR (obligation resulting from legal provisions);

m) Considering complaints and claims related to the Contract — pursuant to Article 6 (1) (b) of the GDPR (necessity in order to conclude and/or perform a Contract) and pursuant to Article 6 (1) (c) of the GDPR (obligation resulting from legal provisions);

n) Keeping social media profiles (Facebook, Instagram, LinkedIn) and interacting with users of these social networks — pursuant to Article 6 (1) (f) of the GDPR (legitimate interest of the Data Controller);

o) for the analytical and statistical purposes, such as the analysis of data collected automatically while using the Website or social media services (Instagram, LinkedIn, Facebook), including by cookies, such as Google Analytics cookies — pursuant to Art. 6 (1) (f) GDPR (legitimate interest of the Personal Data Controller);

p) for the purpose of using cookies on the Website and its subpages — pursuant to Article 6 (1) (a) of the GDPR (consent), and pursuant to Article 6 (1) (f) of the GDPR (legitimate interest of the Personal Data Controller);

q) for the purpose of running advertisements in social media — pursuant to Art. 6 (1) (f) GDPR (legitimate interest of the Personal Data Controller).

1. As the Data Controller uses the services of third party service providers, e.g. Facebook, Instagram, Google, LinkedIn, your data may be transferred to third countries, e.g. the United States of America. If that is the case, your data will be transferred only to recipients who guarantee an appropriate level of data protection and security, i.a. by:

a) liaising with data processors in countries, in respect of which the European Commission issued an appropriate decision;

b) using standard contractual clauses issued by the European Commission (as in the case of Google);

c) applying binding corporate rules approved by a competent supervisory authority,

or to such recipients, in respect of whom the Subject agree to the transfer.

2. Further information are in the privacy policy of the specific service provider available on their website. For example:
- Google: https://policies.google.com/privacy
- Meta Platforms Ireland Limited: https://www.facebook.com/privacy/explanation
- LinkedIn: https://pl.linkedin.com/legal/privacy-policy

3. Currently, most of the services offered by Google and Facebook are provided by entities based in the European Union. However, for up-to-date information about personal data protection you should always consult the privacy policy of the respective service provider.

You have the right to access your data, to receive a copy of your data and to rectify it, delete it (if in your opinion there are no grounds for us to process this data, you can request the data to be deleted) or restrict its processing, and the right to transfer the data. You can withdraw your consent at any time, but its withdrawal does not affect the legality of processing on the basis of the consent prior its withdrawal. 

You also have the right to object to the processing of your data on the basis of the legitimate interests of the Data Controller. The Data Controller will cease to process your data for these purposes, unless it can be demonstrated that in relation to this data, there are valid legally valid grounds for the Data Controller that have priority over your interests, rights and freedoms, or that this data will be necessary for the Data Controller to establish, pursue or defend claims.

You have the right to submit a complaint with the Data Protection Commissioner, if you believe that the processing of personal data violates the provisions of the GDPR.

The Subject’s personal data will not be used for automated decision-making that affects the rights and obligations or freedoms of the Subject within the meaning of the GDPR.
The Subject’s data may be profiled by the website and tracking technologies, which helps optimize the website content and solutions. However, this should not have any impact on the legal situation of the Subjects, in particular with regard to the terms and conditions of the contracts they have concluded or the contracts they intend to conclude. The information used is anonymous and is not associated with personal data provided by the Subject. They are derived from statistical data, such as gender, age, personal interests, approximate location, or behaviour on the website.
Each Subject has the right to object to profiling if it would have a negative impact on the Subject’s rights and obligations.

The Data Controller’s website may contain links that will redirect to other websites. They will open in a new browser window or in the same window. The Data Controller accepts no responsibility for the contents of such websites. The Subject  should read the privacy policy or the terms and conditions of those websites.

1. The controller of the Subject’s personal data on the Facebook fanpage „Tomo Yarmush”, the Instagram account „tomo_yarmush” and the LinkedIn profile „tomoyarmush” (hereinafter the “Fanpage”) is the Data Controller.

2. The Subject’s data provided on the Fanpage will be processed for the purpose of administering and managing the Fanpage, communicating with the Subject, enabling interaction, providing the Subject with marketing information and creating a Fanpage community.

3. The basis for processing will be the Subject’s consent and legitimate interest of the Data Controller of enabling interactions with Fanpage Users and Followers. The Subject’s decision to like/follow the Fanpage is voluntary.

4. The rules of the Fanpage are laid down by the Data Controller, however, the use of the social media websites Facebook, Instagram and LinkedIn is governed by the terms and conditions set out thereon.

5. The Subject may unfollow the Fanpage at any time. The Data Controller will then cease to show the Subject the content of the Data Controller related to the Fanpage.

6. The Data Controller has access to the personal data, including the Subject name or general information, which the Subject uploads to their profile page as public. Other personal data is processed by Facebook, Instagram or LinkedIn in accordance with their respective terms and conditions.

7. The Subject’s personal data will be processed for as long as the Fanpage is run/exists on the basis of their consent given by clicking the Like/Follow button on the Fanpage or taking any action, e.g. posting a comment, sending a message, and to pursue the legitimate interests of the Data Controller of marketing of its products or services or defense of legal claims.

8. The Subject’s personal data may be shared with other recipients, such as Facebook, Instagram, LinkedIn, advertising partners or other providers of services for the Fanpage, IT company if the Data Controller comes into contact outside these websites.

9. Any other rights that the Subject might have are described in this privacy policy.

10. The Subject’s data may be transferred to third countries in accordance with the terms of service of Facebook, Instagram or LinkedIn.

11. The Subject’s data may be subject to profiling to facilitate targeted advertising. It will not be subject to automated processing within the meaning of the GDPR (affecting the Subject’s rights and freedoms).

1. All contents (e.g. images, texts, other material, etc.) published on the Website are protected by copyright owned by specific persons and/or the Data Controller. No copyrighted content may be copied in whole or in part without the Data Controller’s express consent.

2. Distribution of any contents published by the Data Controller is prohibited by law and it may give rise to liability under civil and criminal law. The Data Controller may also claim damages for any material or non-material losses sustained by it in accordance with applicable regulations.

1. Similarly to most other websites, the Personal Data Controller’s Website uses tracking technologies, referred to as “cookies”, which are used to adapt and improve the Website and provide a better user experience for the visitors.

2. The Website does not automatically collect any information, with the exception of information contained in cookie files.

3. Cookies contain computer data and have the form of small text files that are stored on your end device, such as a computer, tablet, or smartphone, while you are using my Website.

4. These may include my own cookies (originating directly from my Website) and third-party cookies (originating from websites other than my Website).

5. Cookies are used to adapt the content of my Website to your individual preferences and the needs of other users visiting my Website. Cookies are also used for making statistics to illustrate the ways in which the visitors use the Website and how they navigate it. This enables me to improve my Website, its content, structure and appearance.

6. The Personal Data Controller uses the following third-party cookies on the Website:

• Built-in Google Analytics code — to analyze Website statistics. Google Analytics uses its own cookies to analyze the actions and behaviour of Website users. These files are used to store information, such as the website from which the user navigated to the current website. They help improve the Website.
  
  This tool is provided by Google Ireland Limited. The actions in relation to the using the Google Analytics code are based on the Personal Data Controller’s legitimate interest in creating and using the statistics for the purposes of improving the Personal Data Controller’s services and optimization of the Website.
  
  While using Google Analytics, the Personal Data Controller does not process any data of the user that would enable his or her identification.
  
  The Personal Data Controller recommends you to read the details of using Google Analytics, including the option to disable the tracking code and, if necessary, submit any questions to the provider of the tool here: https://support.google.com/analytics#topic=3544906. 
  
  
• Social media plugins and links pointing, such as Facebook, Instagram and LinkedIn.
  After clicking the plugin icon, the user is taken to the external provider’s website, in this case the owner of the particular social networking site, such as Facebook. Afterwards, the user has the option to click the “Like” or “Share” buttons to like the Personal Data Controller’s fanpage on Facebook or directly share its content (such as a post, an article, a video etc.). 
  
  The Personal Data Controller recommends you to read Facebook’s Privacy Policy before creating a profile there. The Personal Data Controller cannot affect the data processed by Facebook in any way. From the moment the user clicks the social media plugin, personal data is processed by the social networking site, such as Facebook, which becomes the Personal Data Controller and decides about the purposes and extent of the processing. Cookies left by the Facebook plugin (or other third-party plugins) may also be used on the user’s device after vising the Website and then associated with the data gathered by Facebook. Using the Website means that the user accepts that. The Personal Data Controller does not affect the processing of data by third parties in this way.
  
  The mentioned points refer to:
  - Facebook: https://www.facebook.com/tomoyarmush
  - Instagram: https://www.instagram.com/tomo_yarmush
  - LinkedIn: https://www.linkedin.com/in/tomoyarmush
  
  
• Contents originating from third party websites
  The Data Controller may embed on its Website contents that originate from portals, blogs or other websites of third parties. These contents may include in particular YouTube or Vimeo videos. The third parties may collect data on your use of their contents. If you do not wish them to do so, please log out of their website (provided that you have an account and are logged in) before you visit the Data Controller’s Website or do not use their contents on the Website. You can also change your browser settings to block contents originating from particular websites.
  

7. The Personal Data Controller recommends you to read the Privacy Policy of the providers of the services referred to above in order to understand what changes can be made and what settings can be used to protect the user’s rights.

8. The Website uses two types of cookies: session cookies, which are deleted when the user closes his or her browser, or when he or she logs out or leaves the Website, and permanent cookies, which allow the Website to recognize your browser whenever you visit the Website, which are stored on the user’s end device for a period of time defined in the cookie parameters or until they are removed by you.

9. In many cases, software used for browsing Websites (Web browsers) allows storage of cookies on the user’s end device by default. Users of the Website may change their cookie settings at any time. These settings can be changed, in particular in such a way as to block the automatic handling of cookies in the Web browser settings, or notify the User of any cookies being stored on the Website user’s device. Detailed information about cookie handling options can be found in the software settings of your Web browser.

10. The Personal Data Controller hereby notifies that limiting the use of cookies (by disabling or restricting them) may negatively affect or disable some of the functionalities available on the Website.

11. More information on cookies can be found at https://www.allaboutcookies.org or in the “Help” section in the browser’s menu.

1. Using the Website involves sending queries to the server on which the Website is stored.

2. Each query sent to the server is saved in the server logs. These logs include the user’s IP address, server date and time, and information about the user’s web browser and operating system.

3. Logs are saved and stored on the server.

4. The server logs are used for the purposes of administration of the Website and their content is not disclosed to anyone except persons and entities authorized to administer the server.

5. The Personal Data Controller does not use the server logs to identify the user in any way.