Privacy policy
§1 Definitions
- Service – the online service “BMCT” operating under the address www.bmct.pl.
- External Service – online services of partners, service providers, or recipients cooperating with the Administrator.
- Service/Data Administrator – the Service and Data Administrator (hereinafter the Administrator) is the company “BMCT Ilona Kalaszczyńska,” operating at the address: ul. Stanisława Kazury 1/7, 02-795 Warsaw, with the tax identification number (NIP): 7742525919, providing services electronically via the Service.
- User – a natural person for whom the Administrator provides services electronically via the Service.
- Device – an electronic device along with software through which the User accesses the Service.
- Cookies – text data collected in the form of files placed on the User’s Device.
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation).
- Personal Data – information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity.
- Processing – an operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
- Restriction of Processing – marking stored personal data to limit their future processing.
- Profiling – any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects of a natural person, in particular, to analyze or predict aspects concerning that person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
- Consent – a voluntary, specific, informed, and unambiguous indication of the data subject’s wishes, by which they signify agreement to the processing of personal data relating to them, by a statement or by a clear affirmative action.
- Personal Data Breach – a security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
- Pseudonymization – the processing of personal data in such a manner that they can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organizational measures to ensure non-attribution to an identified or identifiable person.
- Anonymization – an irreversible process of operations on data that destroys or overwrites “personal data,” making it impossible to identify or associate a given record with a specific user or individual.
§2 Data Protection Officer
Based on Article 37 of GDPR, the Administrator has not appointed a Data Protection Officer.
For matters regarding data processing, including personal data, please contact the Administrator directly.
- 3 Types of Cookies
- Internal Cookies – files placed and read from the User’s Device by the Service’s telecommunication system.
- External Cookies – files placed and read from the User’s Device by the telecommunication systems of External Services. Scripts of External Services that may place Cookies on the User’s Device are deliberately embedded in the Service via scripts and services installed on the Service.
- Session Cookies – files placed and read from the User’s Device by the Service during a single session of a given Device. After the session ends, the files are deleted from the User’s Device.
- Persistent Cookies – files placed and read from the User’s Device by the Service until they are manually deleted. Files are not automatically deleted after the Device session ends unless the Device configuration is set to delete Cookies after each session.
§4 Data Storage Security
- Mechanisms for storing and reading Cookies – Storing, reading, and exchanging data between Cookies stored on the User’s Device and the Service are carried out using built-in browser mechanisms and do not allow for obtaining other data from the User’s Device, other websites visited by the User, personal data, or confidential information. It is practically impossible to transmit viruses, trojans, or other malicious software to the User’s Device.
- Internal Cookies – Cookies applied by the Administrator are safe for the User’s Devices and do not contain scripts, content, or information that may threaten the security of personal data or the security of the User’s Device.
- External Cookies – The Administrator makes every effort to verify and select service partners to ensure the safety of Users. The Administrator collaborates with reputable, globally trusted partners. However, they do not have full control over the content of Cookies from external partners. For Cookie safety, their content, and their legitimate use by scripts installed in the Service, the Administrator is not responsible as far as legally permissible. A list of partners is included in the further part of the Privacy Policy.
- Cookie Control
- Users can change settings regarding the storage, deletion, and access to Cookies data by any website.
- Information on disabling Cookies in the most popular desktop browsers can be found on the following pages:
- Managing Cookies in Chrome
- Managing Cookies in Opera
Users can delete all previously saved Cookies at any time using the tools available on the Device they use to access the Service.
§5 Purposes for Using Cookies
- Facilitating and simplifying access to the Service.
- Personalizing the Service for Users.
- Providing advertising services.
- Affiliate services.
- Conducting statistics (users, visits, device types, connections, etc.).
- Providing social media services.
§6 Purposes of Personal Data Processing
Personal data voluntarily provided by Users is processed for one of the following purposes:
- Provision of electronic services.
- Communication between the Administrator and Users regarding the Service and data protection.
- Ensuring the legitimate interests of the Administrator.
Data about Users collected anonymously and automatically is processed for the following purposes:
§1 General Information
- The Website operates in accordance with the provisions of the applicable law.
- We value and respect the privacy of our Users, and we strive to provide secure use of our services.
- This Privacy Policy explains how personal data and anonymous data are collected, processed, and used in the Website’s operations.
§2 Cookies
The Website uses cookies, which are small text files stored on the User’s device to improve the functionality and quality of the services provided.
§3 Use of Cookies
- To analyze traffic and statistics
- To serve ads tailored to User preferences
- To support affiliate programs
- To ensure the Administrator’s legitimate interest
§4 External Service Cookies
The Administrator utilizes JavaScript scripts and web components of partners in the Service, which may place their own cookies on the User’s device. Remember that you can control the cookies allowed for individual websites in your browser settings. Below is a list of partners or their services implemented in the Service, which may place cookies:
- Social/Integrated Services: (Registration, Login, content sharing, communication, etc.)
- Advertising and Affiliate Networks:
- Statistics Services:
Services provided by third parties are beyond the Administrator’s control. These entities may change their terms of service, privacy policies, purposes of data processing, and methods of using cookies at any time.
§5 Types of Collected Data
The Service collects data about Users. Some data is collected automatically and anonymously, while some is personal data voluntarily provided by Users during registration for specific services offered by the Service.
Automatically Collected Anonymous Data:
- IP address
- Browser type
- Screen resolution
- Approximate location
- Visited subpages of the service
- Time spent on specific subpages of the service
- Operating system type
- Previous subpage address
- Referring website address
- Browser language
- Internet connection speed
- Internet service provider
Data Collected During Registration:
- Email address
Data Collected When Subscribing to the Newsletter:
- Email address
Some data (excluding identifying data) may be stored in cookies. Some data (excluding identifying data) may be shared with statistical service providers.
§6 Access to Personal Data by Third Parties
As a rule, the sole recipient of personal data provided by Users is the Administrator. Data collected through the services provided are not transferred or sold to third parties.
Access to data (usually under a Data Processing Agreement) may be granted to entities responsible for maintaining the infrastructure and services essential for operating the service, such as:
- Hosting companies providing hosting or related services for the Administrator
Data Processing Delegation – Hosting, VPS, or Dedicated Server Services
The Administrator uses an external hosting, VPS, or Dedicated Server provider for the operation of the service – Progreso. All data collected and processed in the service are stored and processed within the service provider’s infrastructure located within the European Union. Access to this data may occur due to maintenance works carried out by the service provider’s staff. Access to this data is regulated by an agreement between the Administrator and the Service Provider.
§7 Data Processing Methods
Personal Data Voluntarily Provided by Users:
- Personal data will not be transferred outside the European Union unless it has been published due to an individual User’s action (e.g., posting a comment or entry), making the data accessible to anyone visiting the service.
- Personal data will not be used for automated decision-making (profiling).
- Personal data will not be sold to third parties.
Anonymous Data (Non-Personal Data) Collected Automatically:
- Anonymous data (non-personal) may be transferred outside the European Union.
- Anonymous data (non-personal) will not be used for automated decision-making (profiling).
- Anonymous data (non-personal) will not be sold to third parties.
§8 Legal Grounds for Personal Data Processing
The Service collects and processes Users’ data based on:
- The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation):
- Art. 6(1)(a) The data subject has given consent to the processing of their personal data for one or more specific purposes
- Art. 6(1)(b) Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before entering into a contract
- Art. 6(1)(f) Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party
- The Act of 10 May 2018 on the Protection of Personal Data (Dz.U. 2018 poz. 1000)
- The Telecommunications Law Act of 16 July 2004 (Dz.U. 2004 nr 171 poz. 1800)
- The Copyright and Related Rights Act of 4 February 1994 (Dz. U. 1994 Nr 24 poz. 83)
§9 Access to Personal Data by Third Parties
As a rule, the sole recipient of personal data provided by Users is the Administrator. Data collected as part of the services provided are not transferred or sold to third parties.
Access to the data (usually based on a Data Processing Agreement) may be granted to entities responsible for maintaining the infrastructure and services necessary for operating the website, such as:
- Hosting companies providing hosting or related services to the Administrator
Data Processing Delegation – Hosting, VPS, or Dedicated Server Services
The Administrator uses the services of an external provider for hosting, VPS, or Dedicated Servers – <arel=”nofollow external”=”” href=”https://progreso.pl/”>Progreso </arel=”nofollow>. All data collected and processed on the website is stored and processed within the provider’s infrastructure located within the European Union. Access to this data may occur during maintenance work performed by the provider’s personnel. Access to these data is regulated by the agreement between the Administrator and the Provider.
§10 Methods of Personal Data Processing
Personal data voluntarily provided by Users:
- Personal data will not be transferred outside the European Union unless published as a result of the User’s individual actions (e.g., posting a comment or entry), making the data available to anyone visiting the website.
- Personal data will not be used for automated decision-making (profiling).
- Personal data will not be sold to third parties.
Anonymous data (without personal data) collected automatically:
- Anonymous data (without personal data) may be transferred outside the European Union.
- Anonymous data (without personal data) will not be used for automated decision-making (profiling).
- Anonymous data (without personal data) will not be sold to third parties.
§11 Legal Basis for Processing Personal Data
The website collects and processes Users’ data based on:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation)
- Article 6(1)(a)
the data subject has given consent to the processing of their personal data for one or more specific purposes - Article 6(1)(b)
processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the data subject’s request prior to entering into a contract - Article 6(1)(f)
processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party
- Article 6(1)(a)
- The Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws 2018, item 1000)
- The Telecommunications Law of 16 July 2004 (Journal of Laws 2004 No. 171, item 1800)
- The Act of 4 February 1994 on Copyright and Related Rights (Journal of Laws 1994 No. 24, item 83)
§12 Period of Personal Data Processing
Personal data voluntarily provided by Users:
As a rule, the personal data provided are stored only for the period of service provision within the Website by the Administrator. They are deleted or anonymized within 30 days of service termination (e.g., account deletion, newsletter unsubscription).
An exception is made for situations requiring the safeguarding of legally justified purposes for further processing by the Administrator. In such cases, the Administrator may retain the data for up to 3 years from the time of a User’s deletion request in the event of a breach or suspected breach of the website’s regulations.
Anonymous data (without personal data) collected automatically:
Anonymous statistical data, not constituting personal data, is stored by the Administrator for statistical purposes for an indefinite period.
§13 Users’ Rights Regarding Personal Data Processing
The website collects and processes Users’ data based on:
- Right to Access Personal Data
Users have the right to access their personal data upon request to the Administrator. - Right to Rectify Personal Data
Users have the right to request immediate rectification of incorrect or incomplete personal data upon request to the Administrator. - Right to Delete Personal Data
Users have the right to request the immediate deletion of their personal data upon request to the Administrator. For user accounts, data deletion involves anonymization of identifying information. The Administrator reserves the right to delay the deletion request to protect legitimate interests (e.g., if the User violates the terms of service or data was obtained through correspondence). For the Newsletter service, Users can remove their data using a link in each email message. - Right to Restrict Data Processing
Users have the right to restrict data processing under the conditions outlined in Article 18 of GDPR, such as challenging the accuracy of data, upon request to the Administrator. - Right to Data Portability
Users have the right to receive their personal data in a structured, commonly used, machine-readable format upon request to the Administrator. - Right to Object to Data Processing
Users have the right to object to data processing in cases specified in Article 21 of GDPR, upon request to the Administrator. - Right to Lodge a Complaint
Users have the right to file a complaint with the supervisory authority for personal data protection.
§14 Contacting the Administrator
The Administrator can be contacted using the following methods:
- Postal Address – BMCT Ilona Kalaszczyńska, ul. Stanisława Kazury 1/7, 02-795 Warsaw
- Email Address – info@bmct.pl
- Phone Call – +48 692 412 771
- Contact Form – available at: /contact
§15 Website Requirements
- Limiting the saving and access to Cookies on the User’s Device may cause some website functionalities to malfunction.
- The Administrator is not responsible for malfunctioning website functionalities if the User limits the ability to save and read Cookies.
§16 External Links
The website may contain links to external sites, which the website owner does not cooperate with. These links, as well as the pages or files they refer to, may be unsafe for your Device or pose a security risk to your data. The Administrator is not responsible for content outside the website.
§17 Changes to the Privacy Policy
- The Administrator reserves the right to make any changes to this Privacy Policy without informing Users regarding the use of anonymous data or Cookies.
- The Administrator reserves the right to change this Privacy Policy regarding the processing of Personal Data. Users with accounts or subscribed to the Newsletter will be informed via email within 7 days of the changes. Continued use of the services implies acceptance of the changes. If a User disagrees with the changes, they must delete their account or unsubscribe from the Newsletter.
- Changes to the Privacy Policy will be published on this subpage of the website.
- The changes take effect upon publication.