Privacy and cookies policy

If you are here, it is a reliable sign that you value your privacy. I understand this very well, which is why I am handing over to you a document in which I have described in one place the principles for processing personal data and using cookies and other tracking technologies in connection with the operation of the https://bankwspomnien.pl website and the https://sklep.bankwspomnien.pl shop.

A formal note to start – the website administrator is Weronika Gasperczyk, trading as ‘Weronika Gasperczyk’, ul. Jana Kilińskiego 1/26, 80-452 Gdańsk, Poland, TaxID: PL6462645450.

This privacy policy has been structured in a question and answer format. The choice of this form was determined by a concern for the clarity and legibility of the information presented to you. Below you will find the table of contents of this policy corresponding to the questions I am answering in turn.

# 1: Who is the controller of your personal data?

# 2: Who can you contact regarding the processing of your personal data?

# 3: What information do I have about you?

# 4: Where do I get your personal data from?

# 5: Is your data safe?

# 6: For what purposes do I process your personal data?

User account – details

Orders – details

Recovering an abandoned shopping cart – details

Complaints and withdrawals – details

Newsletter – details

Product comments and reviews – details

Correspondence management – details

Tax and accounting obligations – details

Archive – details

Social media – details

Analysis and statistics – details

Own marketing – details

Additional tools – details

# 7: How long will I keep your personal data?

# 8: Who are the recipients of your personal data?

# 9: Do I transfer your data to third countries or international organisations?

# 10: Do I use profiling? Do I make automated decisions based on your personal data?

# 11: What rights do you have in relation to the processing of your personal data?

# 12: Do I use cookies and what are they?

# 13: On what basis do I use cookies?

# 14: Can you disable cookies?

# 15: For what purposes do I use my own cookies?

# 16: What third-party cookies are used?

AddToAny – details

BuyMeaCoffee – details

Facebook Custom Audiences – details

Google AdSense – details

Google AdWords – details

Google Analytics – details

Google Tag Manager – details

HotJar – details

MailerLite – details

Social media tools – details

SoundCloud – details

Vimeo – details

wpDiscuz – details

YouTube – details

# 17: Do I track your behavior undertaken within my website?

# 18: Am I targeting you with targeted advertising?

# 19: How can you manage your privacy?

# 20: What are server logs?

# 21: Is there anything else you should know?

# 22: Is this privacy policy subject to change?

If you have any concerns about the privacy policy, you can contact me at any time by sending an email to rodo@bankwspomnien.pl.

# 1: Who is the controller of your personal data?

The administrator of your personal data is Weronika Gasperczyk, conducting business under the name “Weronika Gasperczyk”, ul. Jana Kilińskiego 1/26, 80-452 Gdańsk, Poland, TaxID: PL6462645450.

# 2: Who can you contact regarding the processing of your personal data?

As part of the implementation of data protection in my organisation, I have decided not to appoint a Data Protection Officer due to the fact that it is not mandatory in my situation. You can contact rodo@bankwspomnien.pl on matters relating to data protection and privacy more broadly.

# 3: What information do I have about you?

Depending on the purpose, I may process the following information about you:

• first name and surname;
• residential address;
• business address;
• Tax identification number;
• e-mail address;
• phone number;
• data contained in correspondence addressed to me;
• bank account number / details;
• IP address;
• image (profile picture);
• the products you have viewed and/or ordered ;
• details of orders placed, including order history and delivery addresses;
• details of abandoned baskets;
• activity in relation to messages sent as part of the newsletter;

I have described the scope of the data processed precisely for each processing purpose. Information in this regard can be found below in this policy.

I also use tools that collect a range of information about you related to your use of my website. This concerns, in particular, the following information:

• information about the operating system and web browser,
• viewed sub-pages,
• time spent on the site,
• transitions between individual sub-pages,
• clicks on individual links,
• the source from which you go to the page,
• the age range you are in,
• Your gender,
• Your approximate location limited to the village.
• Your interests as determined by your on-line activity.

This information is referred to hereafter in this privacy policy as „Anonymous Information”.

Anonymous information in itself does not, in my opinion, have the character of personal data, as it does not allow me to identify you and I do not collate it with the typical personal data I collect about you. However, given the strict jurisprudence of the Court of Justice of the European Union and the divided opinions among lawyers, as a precaution, in case Anonymous Information is attributed with the character of personal data, detailed explanations are also included in this privacy policy with regard to the processing of this information.

As Anonymous Information is collected by external tools I use (the tools are detailed later in this privacy policy), Anonymous Information is also processed by tool providers under the terms of their terms of use and privacy policies.

Anonymous information is also used by the providers of individual tools to provide and improve services, manage services, develop new services, measure the effectiveness of advertising, protect against fraud and abuse, and personalize the content and advertising displayed on individual services, websites and applications.

# 4: Where do I get your personal data from?

In most cases, you hand them over yourself. This happens when:

• you register a user account,
• you place your order,
• you send a complaint or withdraw from the contract,
• you sign up to the newsletter,
• add comment/review,
• you contact via e-mail,
• you observe social media profiles or interact with content published on social media.

In addition, some information about you may be automatically collected by the tools I use:

• The mechanism of the website and the newsletter system collects your IP address;
• The mechanism of the website collects information about the products you have viewed, details of orders placed, including unfinished ones;
• The mechanism of the newsletter system collects information about your activity in relation to the content sent to you within the newsletter, such as opening messages, clicking on links, etc;
• external tools (e.g. Google Analytics) using cookies (the tools are described in detail later in this privacy policy) collect Anonymous Information related to your activities on the website.

# 5: Is your data safe?

I take care of the security of your personal data. I have analysed the risks involved in the various processes of processing your data and then implemented appropriate security and data protection measures. I continuously monitor the state of the technical infrastructure, train staff, look at the procedures in place and make the necessary improvements. If you have any questions about your personal data, I am at your disposal at rodo@bankwspomnien.pl.

# 6: For what purposes do I process your personal data?

There is more than one of these objectives. These are listed below, followed by a more detailed description. I have also assigned the respective legal bases for processing to the various purposes:

• registration and maintenance of a user account – art. 6 point 1(b) GDPR;
• order handling – art. 6 point 1(b) GDPR,
• recovery of an abandoned shopping cart – art. 6 point 1(f) GDPR,
• handling of complaints or withdrawal from the contract – art. 6 point 1(f) GDPR,
• newsletter handling – art. 6 point 1(a) and art. 6 point 1(f) GDPR,
• handling comments or feedback on the product – art. 6 point 1(a) GDPR
• correspondence management – art. 6 point 1(f) GDPR,
• fulfillment of tax and accounting obligations – art. 6 point 1(c) of the GDPR in connection with the relevant tax legislation,
• creation of an archive for the possible need to defend, establish or assert claims – art. 6 point 1(f) GDPR,
• social media handling – art. 6 point 1(f) GDPR,
• analysis and statistics and optimization – art. 6 point 1(f) GDPR,
• own marketing – art. 6 point 1(f) GDPR,
• Ensuring that the YouTube and SoundCloud player, social plug-ins and wpDiscuz comments work – art. 6 point 1(f) GDPR.

User account – details

When you create a user account, you will need to provide the data necessary to set up the account: e-mail address and password. The provision of data is voluntary, but necessary to create an account.

Within the framework of editing your account details, you can enter your further data, in particular data that can be used to place orders, such as your name, address of residence or place of business, Tax ID number, and phone number. As part of editing your account details, you can also set your avatar, e.g. a profile picture that includes an image.

If you create an account through integration with a social media account, I will gain access to certain data stored within the social media account (name, email address, profile picture) on the basis of your prior authorization.

In addition, my system used for user accounts records your IP number, which you used when registering your user account.

You can modify the information about you provided in connection with the registration of your user account at any time. However, in a situation where you have set up an account using an integration with a social network account, the data retrieved from the social network cannot be modified.

The data provided by you in connection with the creation of an account is processed to provide you with the electronic service of providing you with a user account. This service is provided on the basis of a contract concluded under the terms and conditions described in the Terms and Conditions, which means that, in this respect, the legal basis for the processing of your personal data is art. 6 point 1(b) GDPR.

The data will be stored for the duration of the user account and thereafter until the expiry of the limitation period for claims relating to the user account service.

You can decide to delete your account at any time, but this will not lead to the removal of information about your orders placed using your account from my database. Order data is kept in my archives for the entire period of operation of the website due to ensuring that a returning customer can be identified, their purchase history reconstructed, discounts granted, etc., which is my legitimate interest as referred to in art. 6 point 1(f) GDPR.

Orders – details

When placing an order, you will need to provide the data necessary to process the order: email address, name, invoice details. Depending on the details of the order, the data catalogue may be different. For example, if you order physical products, I need to know the address where I will deliver your order to you. If you request a VAT invoice for a company, I need to know the VAT number and business address. The provision of data is voluntary, but necessary to place an order.

In addition, the system used to handle the order process saves your IP number, which you used when placing the order.

Each order is saved in my database, which means that your personal data assigned to the order is also accompanied by order-related information such as the date and time of the order, order ID, transaction ID, subject of the order, price, method, and date of payment, date and time of downloading the purchased digital content, selected delivery method. Data collected in connection with an order, is processed for:

• the performance of a contract concluded by placing an order (article 6 point 1(b) GDPR);
• to issue an invoice (article 6 point 1(c) GDPR in connection with the relevant invoicing legislation);
• the inclusion of the invoice in the accounting records and the fulfillment of other tax and accounting obligations (article 6 point 1(c) GDPR in connection with the relevant provisions governing tax and accounting obligations);
• inclusion in the archive for the possible need to defend, establish or assert claims, as well as to identify a returning customer, which is my legitimate interest (article 6 point 1(f) GDPR).

Order data is processed for the time required to process the order and thereafter until the expiry of the limitation period for contractual claims. In addition, after the expiry of this period, data may still be processed by me for archival purposes for the possible need to defend, establish or assert claims, as well as to identify the returning customer.

Please also note that I am required to keep accounting records, which may contain your personal data, for the period required by law.

You can access your order data at any time. However, it is not possible to rectify this data, with the exception of a note or corrective invoice if it has been issued in error. I inform you that I see my overriding interest in storing your order data until the limitation period for contractual claims has expired.

Abandoned basket recovery mechanism – details

I use an abandoned basket recovery mechanism on the website. In a situation where you start the order process but do not complete it, my system will note this fact in order to take action to encourage you to complete your order. These actions could be, in particular, sending you an email with an incentive to finalize your order or displaying a targeted advertisement when you are browsing on-line content.

I am relying in this respect on my legitimate interest as referred to in art. 6 point 1(f) GDPR. The business is marketing its own products and services. You can object to receiving messages as part of the abandoned basket recovery mechanism by clicking on the relevant link contained in the message you receive.

Complaints and withdrawals – details

If you make a complaint or withdraw from the contract, you provide the personal data contained in the content of the complaint or withdrawal declaration, which includes your name, address, telephone number, e-mail address, and bank account number. The provision of data is voluntary, but necessary in order to make a complaint or withdraw from the contract.

The data provided to me in connection with the lodging of a complaint or withdrawal from a contract are used for the purposes of the complaint procedure or withdrawal procedure and subsequently for archiving purposes, which constitutes a legitimate interest (article 6 point 1(f) GDPR).

The data will be processed for the time necessary for the complaint procedure or the withdrawal procedure. The complaint documents will be stored until the warranty entitlement period has expired. Statements of withdrawal will be kept with the accounting records for the period required by law.

Newsletter – details

By signing up for the newsletter, you provide me with your name and email address. The provision of data is voluntary but necessary to subscribe to the newsletter.

In addition, the system used to handle the newsletter records your IP number, which you used when signing up for the newsletter, determines your approximate location, the email client you use to handle your email, and tracks your actions taken about the messages sent to you. In this connection, I also have information on which messages you have opened, within which messages you have clicked on links, etc.

The data you provide to me in connection with your subscription to the newsletter is used for the purpose of sending you the newsletter, and the legal basis for its processing is your consent (article 6 point 1(a) GDPR) given when you signed up to the newsletter. With regard to the processing of information that does not originate from you but is collected automatically by the mailing system, I rely in this respect on my legitimate interest (article 6 point 1(f) GDPR) to analyze the behavior of newsletter subscribers in order to optimize mailing activities.

You can unsubscribe from the newsletter at any time by clicking on the dedicated link included in each message sent as part of the newsletter or by simply contacting me. Despite opting out of the newsletter, your data will continue to be stored in the database for the purpose of identifying the returning subscriber and for the possible defense of claims relating to the sending of the newsletter to you, in particular for the purpose of demonstrating the fact that you have given your consent to receive the newsletter and when you withdrew it, which constitutes the legitimate interest referred to in art. 6 point 1(f) GDPR.

You can modify your details given for the purposes of receiving the newsletter at any time by clicking on the relevant link visible in each message sent as part of the newsletter or by simply contacting me.

Comments and product reviews – details

When adding a comment or product review, you must provide at least a user name that will be assigned to the comment or review (the name may include personal details, such as your first or last name) and an e-mail address. The provision of this data is voluntary but necessary to add a comment or review. You can also add your avatar (which can include your image, e.g. a photo) and provide your website address, but this is not obligatory.

The data provided in connection with the addition of a comment or opinion will be processed for the purpose of publishing the comment or opinion on the website. The basis for the processing is your consent (article 6 point 1(a) GDPR) resulting from the submission of the form used to publish a comment or review. You can withdraw your consent at any time by requesting the deletion of your comment or opinion.

Your comment or opinion will remain publicly available on the site for the duration of its on-line availability unless you request the removal of the comment or opinion beforehand. You can also modify the content of a comment at any time, as well as modify the data assigned to it as about the person who added the comment or review.

The comment system is operated by an external provider, gVectors.com. Use of the comment system is subject to the terms and conditions and privacy policy of wpDiscuz. gVectors.com is a stand-alone, independent entity providing electronic services to you and processing your personal data in connection with the use of these services. You can use wpDiscuz either without creating a user account or as a registered user after registering – this is up to you.

The comment you add, along with your details made public within the wpDiscuz settings, will be visible on the site. You can modify and delete your comment at any time.

The legal basis for the processing of your personal data in the case of the comment system is the legitimate interest referred to in art. 6 point 1(f) GDPR, and which in this case consists of the operation of the comment system.

Correspondence management – details

When you contact me, you naturally provide your personal data contained in the body of your correspondence, in particular your e-mail address and your name. The provision of data is voluntary, but necessary to make contact.

Your data is processed in this case for the purpose of contacting you, and the basis for processing is art. 6 point 1(f) GDPR, i.e. a legitimate interest. The legal basis for post-contact processing is also the legitimate interest of archiving correspondence to ensure that we can prove certain facts in the future (article 6 point 1(f) GDPR).

The content of the correspondence may be subject to archiving and I am not in a position to state clearly when it will be deleted. You have the right to request the history of any correspondence you have had with me (if it has been archived), as well as to request its deletion unless its archiving is justified by overriding interests, e.g. defense against potential claims on your part.

Tax and accounting responsibilities – details

If I issue an invoice to you, it forms part of your accounting records, which will be kept for the period of time required by law. Your personal data is then processed for the purpose of fulfilling my tax and accounting obligations (art. 6 point 1(c) GDPR in connection with the relevant legislation governing tax and accounting obligations).

Archive – details

As part of the description of the various purposes for processing personal data, time limits for storing personal data are indicated. These time limits are often related to the archiving of certain data in order to ensure that we can prove certain facts in the future, reconstruct the course of our cooperation with the customer, the correspondence exchanged, or to defend, establish or assert claims. I am relying in this respect on my legitimate interest as referred to in art. 6 point 1(f) GDPR.

Social media – details

If you follow my social media profiles or interact with content I publish on social media, I can naturally see your data, which is publicly available in your social profile. I shall only process this data within the social network concerned and for the sole purpose of operating the social network concerned, which constitutes a legitimate interest as referred to in art. 6 point 1(f) GDPR.

Your use of social networking sites is subject to the rules and privacy policies of the administrators of those sites, and those administrators provide electronic services to you, fully independently and autonomously.

I encourage you to use social networks consciously and to take care of your privacy within them, in particular by choosing the content you make public and managing your privacy settings prudently.

Analytics and stats – details

I collect statistical information about users’ browsing behavior on my websites, such as clicks on links, transitions between sub-pages, time spent on individual pages, etc. I analyze this information to optimize my pages for user experience, efficiency, and conversion. In most cases, the information processed in this way is not personal data. The exception is if you are a registered user. I can then collate this information with other data you have collected in your user account.

I carry out the activities described above on the basis of my legitimate interest referred to in art. 6 point 1(f) GDPR consists of optimizing my websites.

I carry out analytical and statistical activities using the tools described in detail later in this privacy policy. Within the analytical tools, I only have access to Anonymous Information.

As mentioned earlier, Anonymous Information in itself does not, in my opinion, have the character of personal data, as it does not allow me to identify you and I do not collate it with the typical personal data I collect about you. Nevertheless, taking into account the strict jurisprudence of the Court of Justice of the European Union and the divided opinions among lawyers, as a precaution, in case Anonymous Information is attributed to the character of personal data, detailed explanations are also included in this privacy policy about the processing of this information.

I base the processing of Anonymous Information on the legitimate interest referred to in art. 6 point 1(f) GDPR. The legitimate interest consists of creating, reviewing, and analyzing statistics related to user activity on the website in order to draw conclusions for the subsequent optimization of the website.

I am unable to provide you with access to Anonymous Information about you, as we are unable to attribute any of the Anonymous Information to any specific user. From external tools, we only have access to a set of statistics and information not assigned to specific individuals.

You may, however, object to the processing of Anonymous Information about you by disabling external tool cookies in the cookie settings called up by clicking on the relevant link in the footer of the page.

Own marketing – details

I carry out marketing activities using third-party tools described in detail later in this privacy policy. As part of the marketing tools, I only have access to Anonymous Information.

My website may also collect information about your activity and, based on this, display targeted advertising to you as you browse online content. My website may also collect information about your activity and, based on this, display targeted advertising to you as you browse on-line content. Only when they are collated with your personal data stored in your user account do they become personal data.

As mentioned earlier, Anonymous Information in itself does not, in my opinion, have the character of personal data, as it does not allow me to identify you and I do not collate it with the typical personal data I collect about you. Nevertheless, given the strict jurisprudence of the Court of Justice of the European Union and the divided opinions among lawyers, as a precaution, in case Anonymous Information is attributed to the nature of personal data, detailed explanations are also included in this privacy policy regarding the processing of such information.

I carry out the activities described above based on my legitimate interest referred to in art. 6 point 1(f) GDPR consists of the marketing of our own products.

I am unable to provide you with access to Anonymous Information about you because we are unable to attribute any of the Anonymous Information to any specific user. From external tools, we can only see a set of statistics and information not assigned to specific individuals.

You can, however, object to the processing of Anonymous Information about you by disabling third-party tool cookies in the cookie settings invoked by clicking on a relevant link in the footer of the page.

Additional tools – details

I can embed videos from YouTube, audio recordings from SoundCloud, use social plugins and wpDiscuz comments on the site. All of these tools process Anonymous Information.

As mentioned earlier, Anonymous Information by itself does not, in my opinion, have the character of personal information, because it does not allow me to identify you and I do not collate it with the typical personal information I collect about you. Nevertheless, given the strict jurisprudence of the Court of Justice of the European Union and the divided opinions among lawyers, as a precaution, in case Anonymous Information is attributed to the nature of personal data, detailed explanations are also included in this privacy policy regarding the processing of such information.

I base the processing of Anonymous Information on the legitimate interests referred to in art. 6 point 1(f) GDPR. The legitimate interest in this case is to ensure that additional functions can be used on the website.

I am unable to provide you with access to Anonymous Information about you because we are unable to attribute any of the Anonymous Information to any specific user. From external tools, we can only see a set of statistics and information not assigned to specific individuals.

You can, however, object to the processing of Anonymous Information about you by disabling third-party tool cookies in the cookie settings invoked by clicking on a relevant link in the footer of the page.

# 7: How long will I keep your personal data?

Data retention periods are indicated separately in relation to each processing purpose. You will find this information within the details dedicated to each separate processing purpose. Most data are deleted after the expiry of the limitation period for claims.

# 8: Who are the recipients of your personal data?

I would venture to say that modern businesses cannot do without third-party services. I also use such services. Some of these services involve the processing of your personal data. External service providers who are involved in the processing of your personal data are:

• the hosting provider who stores the data on the server;
• provider of a cloud computing service that stores files that may contain your personal data;
• the provider of the mailing system in which your data is stored if you are a newsletter subscriber;
• provider of a CRM system in which I store your data to improve the customer service process and for archiving purposes;
• the supplier of the invoicing system in which your data are stored for the purpose of issuing invoices;
• the accounting company that processes your invoice data;
• courier companies that process your data to the extent necessary to deliver your order to you;
• a law firm that accesses the data if this is necessary to provide legal assistance to me;
• a maintenance service provider who gains access to the data if the technical work carried out relates to areas where personal data are located;
• other subcontractors who gain access to the data if the scope of their activities requires such access.

All the entities mentioned above process your data on the basis of personal data processing trust agreements and guarantee an adequate level of personal data protection.

Your personal data may also be forwarded to the tax authorities to the extent necessary for the fulfillment of tax and accounting obligations. This includes, in particular, all declarations, reports, statements, and other accounting documents containing your personal data.

In addition, if necessary, your personal data may be made available to entities, authorities, or institutions entitled to access the data under the law, such as police, security services, courts, and public prosecutors’ offices.

What’s more, when it comes to Anonymous Information, providers of tools or plug-ins that collect Anonymous Information have access to it. The providers of these tools are the independent controllers of the data collected in them and may share this data under the terms and conditions they set out in their own rules and privacy policies, which are beyond my control.

# 9: Do I transfer your data to third countries or international organizations?

Yes, part of the processing of your personal data may involve transfers to third countries.

I transfer your personal data to third countries in connection with the use of tools that store personal data on servers located in third countries, in particular in the USA. The providers of these tools guarantee an adequate level of protection of personal data through the relevant compliance mechanisms provided by the GDPR, in particular through the use of standard contractual clauses.

The storage of personal data on servers located in third countries takes place within the following tools:

• Google’s services as part of the Google Workspace package, whose provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland – with regard to all data that is processed as part of Google’s services, including that contained in files that are subject to synchronization with Google Drive.

I would also like to remind you at this point that I use external tools that may collect Anonymous Information. I have already mentioned this several times within this policy, including in response to a previous question. The providers of these tools often use servers located around the world, particularly in the United States of America (USA), to store the information they collect.

# 10: Do I use profiling? Do I make automated decisions based on your personal information?

I do not make decisions towards you based solely on automated processing, including profiling, which would produce legal effects towards you or similarly significantly affect you.

Yes, I do use tools that I can take certain actions depending on the information collected by the tracking mechanisms, but I believe that these actions do not have a material impact on you, as they do not differentiate your situation as a customer, do not affect the terms of the contract you may enter into with me, etc.

Using certain tools, I may, for example, target you with personalized advertising based on previous actions you have taken on the site or suggest products that may be of interest to you. We are talking here about the so-called behavioral advertising. I encourage you to deepen your knowledge of behavioral advertising, particularly with regard to privacy issues. You can find detailed information, along with the ability to manage your behavioral advertising settings, here.

I emphasize that within the tools I use, I do not have access to information that would allow me to identify you. The information I’m talking about here, in particular, is:

• information about the operating system and web browser you are using;
• subpages viewed;
• time spent on the site;
• transitions between different sub-pages;
• The source from which you go to my site;
• The age range you are in;
• Your gender;
• Your approximate location limited to localities;
• Your interests determined by your online activity.

I do not collate the information indicated above with your personal information that is in my databases. This information is anonymous and does not allow me to identify you. This information is stored on the servers of the providers of the individual tools, and these servers can most often be located around the world.

An exception to the anonymous nature of the information mentioned above is if you have a user account. Then this information can be compiled with your data collected in your user account. However, I still do not make decisions using this information against you that is based solely on automated processing, including profiling, that would produce legal effects or similarly materially affect you. I believe that the activities of targeting ads to you depending on your activity on my site and taking optimization measures do not affect you in a significant way. Therefore, in this regard, I rely on my legitimate interest as referred to in art. 6 point 1(f) GDPR.

# 11: What rights do you have in relation to the processing of your personal data?

GDPR grants you the following potential rights related to the processing of your personal data:

• The right to access your data and receive a copy of it,
• The right to rectify (amend) your data,
• The right to erasure (if, in your opinion, there are no grounds for your data to be processed, you can demand erasure),
• The right to restrict data processing (you can request that I restrict data processing only to storing the data or carrying out activities agreed with you, if, in your opinion, I have incorrect data or am processing it unfoundedly),
• The right to object to processing (you have the right to object to processing on the basis of a legitimate interest; you should indicate the particular situation that you believe justifies the cessation of processing covered by the objection; I will stop processing your data for these purposes unless I demonstrate that the grounds for processing override your rights or that your data are necessary for me to establish, assert or defend claims),
• The right to data portability (you have the right to receive in a structured, commonly used, machine-readable format the personal data you have provided under the contract or your consent; you can have this data sent directly to another entity),
• The right to withdraw consent to the processing of personal data, if you have previously given such consent,
• The right to lodge a complaint with a supervisory authority (if you find that I am processing your data unlawfully, you can file a complaint about it with the President of the Office for Personal Data Protection (PUODO) or any other competent supervisory authority).

The rules related to the exercise of the rights indicated above are described in detail in art. 16 – 21 GDPR. I encourage you to take a look at these recipes. For my part, I consider it necessary to explain to you that the rights indicated above are not absolute and you will not be entitled to all processing activities of your personal data.

I would like to emphasize that one of the rights indicated above is always available to you – if you consider that there has been a violation of data protection regulations in the processing of your personal data, you have the opportunity to file a complaint with the supervisory authority (President of the Office for Personal Data Protection – PUODO).

You can also always request access to information about what data I have about you and for what purposes I process it. Just send an email to rodo@bankwspomnien.pl. However, I have made every effort to ensure that the information of interest to you is comprehensively presented in this privacy policy. You can also use the e-mail address provided above if you have any questions about the processing of your personal data.

# 12: Do I use cookies and what are they actually?

My website, like almost all other websites, uses cookies.

Cookies are small textual information stored on your terminal device (e.g. computer, tablet, smartphone), which can be read by my ICT system (own cookies) or third-party ICT systems (third-party cookies). Cookies may record and store certain information, which can then be accessed by ICT systems for specific purposes.

Some cookies used are deleted when the browser session ends, i.e. when the browser is closed (so-called session cookies). Other cookies are stored on your terminal device and allow your browser to recognize you the next time you visit the site (persistent cookies).

If you want to learn more about cookies as such, you can read, for example, this material.

# 13: On what basis do I use cookies?

I use cookies on the basis of your consent, except when cookies are necessary for the proper provision of electronic services to you.

Cookies that are not necessary for the proper provision of the electronic service will remain blocked until you consent to the use of cookies. During your first visit to the site, I display a message asking for your consent along with the option to manage cookies, i.e. to decide which cookies you agree to and which you want to block.

Please note that disabling or restricting cookies may prevent you from using some of the features available on the website and cause difficulties in using the website, as well as many other websites that use cookies. For example, if you block the cookies of social networking plug-ins, the buttons, widgets and social features implemented on the site may not be available to you.

# 14: Can you disable cookies?

Yes, you can manage your cookie settings within your web browser. Yes, you can manage your cookie settings within your web browser. You can also block cookies of specific sites. You can also delete previously saved cookies and other site and plug-in data at any time.

Web browsers also offer incognito mode. You can use it if you don’t want information about the pages you visited and the files you downloaded to be stored in your browsing and download history. Cookies created in incognito mode are deleted when all windows of this mode are closed.

There are also browser plug-ins available to control cookies, such as Ghostery. The option to control cookies may also be provided by additional software, in particular antivirus packages, etc.

In addition, there are tools on the Internet that allow you to control certain types of cookies, in particular, to collectively manage behavioral advertising settings.

Please note that disabling or restricting cookies may prevent you from using some of the features available on the website and cause difficulties in using the website, as well as many other websites that use cookies. For example, if you block the cookies of social networking plug-ins, the buttons, widgets and social features implemented on my site may not be available to you.

# 15: For what purposes do I use my own cookies?

Proprietary cookies are used to ensure the proper functioning of the various mechanisms of the site, such as remembering the contents of the shopping cart for a certain period of time after adding selected products to it, proper transmission of forms visible on the site, handling newsletter forms, etc.

Custom cookies also store information about your defined cookie settings made from the cookie management mechanism.

# 16: What third-party cookies are used?

The following third-party cookies operate within my site:

• AddToAny;
• BuyMeaCoffee;
• Facebook Custom Audiences;
• Facebook, Twitter, LinkedIn, Pinterest (social media tool cookies);
• Google AdSense;
• Google AdWords;
• Google Analytics;
• Google Tag Manager;
• HotJar;
• MailerLite;
• SoundCloud;
• Vimeo;
• wpDiscuz;
• YouTube.

Details of individual third-party cookies are described below.

AddToAny – details

I use the WordPress plugin AddToAny, which allows you to share my articles on social media. AddToAny complies with the GDPR (EU General Data Protection Regulation) and does not collect personal data.

Data collected by the plug-in: typical server log data, typical details about the browser used. The user’s IP address is anonymized. Server data is stored for no more than 30 days. For more information on AddToAny’s privacy policy at https://www.addtoany.com/privacy.

BuyMeaCoffee – details

I use the BuyMeaCoffee plugin, which allows you to support my work by “buying me coffee,” i.e. donating the amount of your choice. The BuyMeaCoffee plugin is owned by Publisherrr, Inc. headquartered at 2035 Sunset Lake Road, Suite B-2 Newark, DE 19702, USA.

Data collected by the plug-in: typical server log data, typical details about the browser used. BuyMeaCoffee transmits the selected data (IP address and the email address you provided) to the payment provider of your choice when processing your payment. BuyMeaCoffee may also process your payment/credit card information for payment purposes, as well as information that you support me with your donation. No data is transferred to me. For more information on BuyMeaCoffee’s privacy policy, please visit https://www.buymeacoffee.com/privacy-policy.

Facebook Custom Audiences – details

As part of the Facebook Ads system provided by Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA, I use the Custom Audience Groups feature to target specific groups of users with targeted advertising messages. I perform activities in this regard based on my legitimate interest in marketing my own products or services.

In order to target you with ads personalized to your behavior on my site, I have implemented the Facebook Pixel within my site, which automatically collects information about your use of my site. The information collected in this way is usually transmitted to Facebook’s servers, which may be located around the world, particularly in the United States of America (USA).

The information collected within the Facebook Pixel is anonymous, i.e. do not allow me to identify you. Depending on your activity on my sites, you may end up in a certain audience, but I do not in any way identify individuals belonging to these groups.

However, I am informing you that Facebook may combine the information it collects with other information about you collected through your use of Facebook and use it for its own purposes, including marketing. Such actions by Facebook are no longer up to me, and you can look for information about them directly in Facebook’s privacy policy: https://www.facebook.com/privacy/explanation. From your Facebook account, you can also manage your privacy settings. Here you will find useful information in this regard: https://www.facebook.com/ads/settings.

Google AdSense – details

I display advertisements on my sites as part of the Google AdSense network operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. I carry out activities in this regard based on my legitimate interest in monetizing content published by me.

My website, in connection with displaying ads on it within the AdSense network, contains ad tags that issue a command to your web browser to send a request for advertising content from Google’s servers. Along with the advertising content, the server also sends a cookie. Cookies are used to display advertisements based on your previous visits to my site or other websites. AdSense also uses cookies to improve the quality of ads. Common applications include targeting ads based on the topics you’re interested in, improving campaign performance reports and skipping ads you’ve already seen.

I emphasize that by using Google AdSense, I do not collect any data that would identify you. Any collation of data in such a way that it takes on the character of personal data may be done on Google’s part, but to this extent I am no longer responsible for this, since Google performs these actions on the basis of the contract concluded with you as a user of Google services.

Further processing of the information only takes place if you have given your consent to Google to link your browsing history to your account and to use the information from your Google account to personalize the ads that are displayed on the websites. In this situation, Google will use your data to create and define lists of target groups for re-marketing on different devices. To do this, Google temporarily combines the information it collects with other data it has to create target groups.

If you do not want to receive personalized ads, you can manage your ad settings directly on Google’s side: https://adssettings.google.com/.

If you are interested in details related to Google’s use of data from sites and applications that use Google services, I encourage you to read this information: https://policies.google.com/technologies/partner-sites.

Google AdWords – details

I use remarketing features available within the Google AdWords system operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. I carry out activities in this regard based on my legitimate interest in marketing my own products or services.

When you visit my website, a Google re-marketing cookie is automatically left on your device to collect information about your activity on my website. With the information gathered in this way, I am able to display ads to you within the Google network depending on your behavior on my site. For example, if you display a product, this information will be noted by a re-marketing cookie. This will make it possible for me to target you with an advertisement for this product or any other I deem appropriate. This advertisement will be displayed to you within the Google network when you use the Internet, browse other websites, etc.

I emphasize that when using Google Ads, I do not collect any data that would identify you. The possible collation of data in such a way that it takes on the character of personal data may be done on Google’s part, but to this extent, I am no longer responsible for this, since Google performs these actions on the basis of the contract concluded with you as a user of Google services.

Using Google AdWords, I am only able to define the audiences I would like my ads to reach. Based on this, Google decides when and how it will present you with my ad.

Further processing of the information only takes place if you have given your consent to Google to link your browsing history to your account and to use the information from your Google account to personalize the ads that are displayed on the websites. In this situation, Google will use your data to create and define lists of target groups for remarketing on different devices. To do this, Google temporarily combines the information it collects with other data it has to create target groups.

If you do not want to receive personalized ads, you can manage your ad settings directly on Google’s side: https://adssettings.google.com/ .

If you are interested in details related to Google’s use of data from sites and applications that use Google services, I encourage you to read this information: https://policies.google.com/technologies/partner-sites.

Google Analytics – details

I use the Google Analytics tool provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. I carry out activities in this regard based on my legitimate interest in creating statistics and analyzing them in order to optimize my websites.

In order to use Google Analytics, I implemented a special Google Analytics tracking code in the code of my site. The tracking code uses cookies from Google LLC regarding the Google Analytics service. You can block the Google Analytics tracking code at any time by installing a browser add-on provided by Google: https://tools.google.com/dlpage/gaoptout.

Google Analytics automatically collects information about your use of my website. The information gathered in this way is mostly transmitted to Google’s servers, which may be located around the world and stored there.

Due to the IP address anonymization activated by me, your IP address is truncated before passing on. Only in exceptional cases is the full IP address forwarded to Google’s servers and only there shortened. The anonymized IP address provided by your browser as part of Google Analytics is generally not combined with other Google data.

I emphasize that within Google Analytics I do not collect any data that would allow you to be identified. As such, the data collected through Google Analytics is not personal to us. The information I have access to within Google Analytics is, in particular:

• information about the operating system and web browser you are using;
• The subpages you are viewing within my site;
• The time spent on my site and its subpages;
• transitions between different sub-pages;
• The source from which you go to my site.

In addition, I use the following Advertising Functions within Google Analytics:

• demographic and interest reports;
• remarketing;
• ad reporting functions, user-ID.

I also do not collect personal information as part of Advertising Functions. The information I have access to is, in particular:

• the age range you are in;
• your gender;
• Your approximate location limited to localities;
• Your interests determined by your on-line activity.

Google Analytics and Google Analytics 360 services have been certified to the independent ISO 27001 security standard. ISO 27001 is one of the most widely recognized standards in the world and certifies that the systems that support Google Analytics and Google Analytics 360 meet the relevant requirements.

If you are interested in details related to Google’s use of data from sites and applications that use Google services, I encourage you to read this information: https://policies.google.com/technologies/partner-sites.

Google Tag Manager – details

I use the Google Tag Manager tool provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and allows me to manage tags, which are small pieces of code by which I am able to

control user traffic and behavior, collect information about the effectiveness of ads and

Take action to improve my site. Google Tag Manager

does not collect any personally identifiable information about you, however, the tool triggers other tags that may in turn collect data.

Hotjar – details

I use the Hotjar tool to better understand your needs and optimize the site for your user experience, which is a legitimate interest. The tool is provided by an external entity, namely Hotjar Limited, Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta.

Hotjar records every visitor to the site and enables the playback of a video recording of his or her movement on the site, as well as the generation of a so-called “video”. heat maps. Within the Hotjar tool, I do not have access to information that identifies you because Hotjar does not record the process of filling out forms.

• information about the operating system and web browser you are using;
• The sub-pages you view within the site;
• time spent on the site and its sub-pages;
• transitions between different subpages within the site;
• the source from which you go to the site;
• places you click on.

In order to use Hotjar, a special Hotjar tracking code is implemented in the code of the site. The tracking code uses cookies from Hotjar Limited. The information collected through cookies is stored by Hotjar as part of a pseudonymous user profile. Neither Hotjar nor I use this information to identify you.

You can object to Hotjar’s creation of your user profile, Hotjar’s storage of information about your use of my site, and Hotjar’s use of cookies here: https://www.hotjar.com/legal/compliance/opt-out.

If you are interested in the details related to Hotjar’s data processing, I encourage you to read Hotjar’s privacy policy: https://www.hotjar.com/legal/policies/privacy.

MailerLite – details

For the newsletter, I use MailerLite based at Jono Basanavičiaus g. 15, Vilnius 03108, Lietuva. MailerLite stores data in the European Union and operates in accordance with ISO 27001 and ISO 20000 standards. To ensure that its services are handled correctly, MailerLite uses cookies and web beacons, among other things. For more information on MailerLite’s privacy policy, please visit https://www.mailerlite.com/legal/privacy-policy.

Social media – details

My website uses plug-ins, buttons and other social media tools, collectively referred to as “plug-ins”, provided by social networks such as Facebook, Instagram, LinkedIn, Twitter, Pinterest.

By displaying my website containing a plug-in of a particular social network, your browser sends information to the administrator of that social network about your visit. Since the plug-in is a fragment of a social network embedded in my site, the browser sends a request to download the content of a particular social network to my site.

The plug-ins collect certain information about you, such as your user ID, the site you visited, the date and time, and other browser information.

Social network administrators use some of this information to personalize the viewing conditions of my site. For example, when you visit a page with a “Like” button, the social network administrator needs information about who you are to show you which of your friends also like my page. Social network administrators use some of this information to personalize the viewing conditions of my site.

Information collected by plug-ins may also be used by social network administrators for their own purposes, such as improving their own products, creating user profiles, analyzing and optimizing their own activities, and targeting advertisements. I have no real influence on how the information collected by the plug-ins is then used by the social network administrators. You can look for details in this regard in the regulations and privacy policies of the individual social networks.

Social network plug-ins collect and transmit information to the administrators of these social networks even when you browse my site without being logged into your social network account. But then the browser sends a more limited set of information.

If you have logged in to one of the social networking sites, the site administrator will be able to directly attribute your visit to my site to your profile on that social networking site.

If you do not want social networks to attribute the data collected during your visit to my website directly to your profile on a particular service, then you must log out of that service before visiting my website. You can also completely prevent plug-ins from loading on the site by using the appropriate extensions for your browser, such as script blocking.

In addition, the use of certain plug-ins may involve the publication of certain information within your social profiles. For example, information about clicks on the “Like” button can be available on your Facebook timeline. Of course, if you share some content on your social media using plugins embedded on my site, that sharing will naturally show up on your profile.

As for details related to the processing by social network administrators of information collected by plug-ins, in particular the purpose and scope of data collection and its further processing and use by the administrators, as well as the possibility of contacting you and your rights in this regard and the possibility of making settings to ensure the protection of your privacy, you will find everything in the privacy policies of the individual service providers:

• Facebook – https://www.facebook.com/privacy/explanation,
• Twitter – https://twitter.com/en/privacy,
• LinkedIn – https://www.linkedin.com/legal/privacy-policy,
• Instagram – https://www.facebook.com/help/instagram/155833707900388,
• Pinterest – https://policy.pinterest.com/pl/privacy-policy.

SoundCloud – details

SoundCloud widgets are embedded on my pages, allowing you to play recordings available on SoundCloud directly from my pages. SoundCloud is operated by SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Niemcy.

When you visit a site with an embedded SoundCloud widget, SoundCloud receives certain information, including information about the site you visited and your interactions with the widget. SoundCloud and the widget may recognize you, in particular using cookie technology. SoundCloud uses the information collected in this way to ensure that the widget functions properly and securely, to analyze and optimize for SoundCloud’s services, as well as for personalization and advertising purposes.

Remember that by playing recordings available on SoundCloud, you are using the services provided electronically by SoundCloud. SoundCloud is an independent entity, independent of me, providing electronic services to you. You can look for details on SoundCloud’s policies, including privacy protection, in documents provided directly by SoundCloud:

• terms of use: https://soundcloud.com/terms-of-use,
• privacy policy: https://soundcloud.com/pages/privacy,
• cookies policy: https://soundcloud.com/pages/cookies.

Vimeo – details

Vimeo widgets are embedded on my pages, allowing you to play recordings available on Vimeo directly from my pages. The Vimeo service is operated by Vimeo Inc. Embedded videos use cookies necessary for proper operation of the player. Vimeo does not use advertising or analytics cookies, except when a visitor to the site is logged into a Vimeo account and when a video has been embedded without the DNT parameter. More information at https://vimeo.com/cookie_policy.

wpDiscuz – details

My site uses the wpDiscuz comment system. It uses cookies to make comments work properly and to recognize commenters on different devices. More information at: https://wpdiscuz.com/privacy-policy/.

YouTube – details

YouTube widgets are embedded on my pages, allowing you to play recordings available on YouTube directly from my pages. YouTube is operated by Google LLC.

Videos are embedded on the page in privacy mode. Based on information provided by YouTube, this means that no cookies are stored on your device, nor does Google collect any information about you until you play the video.

When you play a video, YouTube saves cookies on your device and receives information that you played the video from a specific website, even if you do not have a Google account or are not logged in at the time. If you have logged into your Google account, this service provider will be able to directly attribute a visit to my site to your account. The purpose and scope of data collection and its further processing and use by Google, as well as the possibility of contacting you and your rights in this regard and the possibility of making settings to ensure the protection of your privacy are described in Google’s privacy policy.

If you do not want Google to attribute the data collected during video playback directly to your profile, you must log out of your account before playing the video. You can also completely prevent plug-ins from loading on the site by using the appropriate extensions for your browser, such as script blocking.

The information collected through cookies related to YouTube videos embedded on my pages is used by Google for the proper and safe functioning of the widget, analysis and optimization for the services provided by YouTube, as well as for personalization and advertising purposes.

Remember that by playing the recordings available on YouTube, you are using services provided electronically by Google LLC. Google LLC is an independent entity, independent of me, providing electronic services to you. You can look for details on YouTube’s policies, including privacy protection, in documents provided directly by YouTube:

• terms of use: https://www.youtube.com/t/terms,
• privacy policy: https://policies.google.com/privacy.

# 17: Do I track your behavior taken within my website?

Yes, I use Google Analytics, Google AdWords, Hotjar and Facebook Custom Audiences tools that involve collecting information about your activities on my site. These tools were described in detail under the question on third-party cookies, so we will not repeat this information here as well.

# 18: Am I targeting you with targeted ads?

Yes, I use Facebook Ads and Google Ads, where I can target ads to specific groups defined based on various criteria such as age, gender, interests, occupation, job, activities previously undertaken on our site. These tools were described in detail under the question on third-party cookies, so I am not repeating that information here either.

# 19: How can you manage your privacy?

The answer to this question is found in many places in this privacy policy when describing specific tools, behavioral advertising, cookie consent, etc. Nevertheless, I have once again gathered this information in one place for your convenience. Below you will find a list of options for managing your privacy.

• cookie settings within your web browser,
• browser plug-ins that support cookie management, e.g. Ghostery,
• additional software that manages cookies,
• incognito mode in the web browser,
• behavioral advertising settings, such as youronlinechoices.com,
• Google Analytics Opt-out: https://tools.google.com/dlpage/gaoptout;
• Google Ads Settings: https://adssettings.google.com/;
• Facebook Ads Settings: https://www.facebook.com/ads/settings,

# 20: What are server logs?

Using the site involves sending requests to the server where the site is stored. Each request to the server is recorded in the server logs.

Logs include, among others Your IP address, the date and time of the server, information about the web browser and the operating system you are using. Logs are saved and stored on the server.

The data stored in the server logs are not associated with specific people using the site and are not used to identify you.

Server logs are only auxiliary material for the administration of the site, and their contents are not disclosed to anyone except those authorized to administer the server.

# 21: Is there anything else you should know?

As you can see, the topics of personal data processing, the use of cookies and the management of privacy in general are quite complicated. I have made every effort to ensure that this document will provide you with the furthest possible knowledge on the issues that are important to you. If anything is unclear to you, you would like to learn more or just talk about your privacy, please email rodo@bankwspomnien.pl

# 22: Is this privacy policy subject to change?

Yes, I may modify this privacy policy, in particular due to technological changes and changes in the law. If you are a registered user, you will receive a message about any change in the privacy policy.