1. General Information

This policy applies to the website operating under the URL: orchowski.club. The service operator and data controller is: Bartłomiej Orchowski.Academy, Ul. Armii Krajowej 17/4, 19-300 Ełk. Contact email address: kontakt@orchowski.club. The operator is the administrator of your personal data provided voluntarily on the website. The legal basis for processing personal data by the Administrator includes user consent (Art. 6(1)(a) GDPR), performance of a contract (Art. 6(1)(b) GDPR), legal obligation (Art. 6(1)(c) GDPR), and legitimate interest of the Administrator (Art. 6(1)(f) GDPR). The website processes personal data for the following purposes:
The website obtains information about users and their behaviors in the following ways:

2. Selected Data Protection Methods Used by the Operator

Login areas and personal data entry are protected at the transmission level (SSL certificate). This means that personal data and login information entered on the site are encrypted on the user's computer and can only be read on the target server. Personal data stored in the database are encrypted in such a way that only the Operator possessing the key can read them. This ensures that the data is protected in case the database is stolen from the server. User passwords are stored in a hashed form. The hashing function is one-way – it cannot be reversed, which is the current standard for storing user passwords. The website uses two-factor authentication, which provides additional protection for logging into the website. The operator periodically changes administrative passwords. To protect the data, the Operator regularly performs backups. An essential element of data protection is the regular updating of all software used by the Operator for personal data processing, which includes regular updates of programming components.

3. Hosting

The website is hosted (technically maintained) on the servers of the operator: zenbox.pl. The hosting company, in order to ensure technical reliability, keeps server logs. The logs may include:

4. Your Rights and Additional Information on How Data is Used

In certain situations, the Administrator has the right to transfer your personal data to other recipients if it is necessary to perform a contract concluded with you or to fulfill obligations incumbent on the Administrator. This applies to the following groups of recipients: The Administrator uses external entities for personal data processing, such as hosting service providers and payment systems. Personal data processing is carried out based on entrustment agreements in accordance with Art. 28 GDPR. Your personal data is processed by the Administrator for no longer than is necessary for the related activities defined by separate regulations (e.g., accounting requirements). For marketing-related data, personal data will not be processed for more than 3 years. You have the right to request from the Administrator: You also have the right to object to the processing of data specified in point 3.2 in relation to processing for the purposes of legitimate interests pursued by the Administrator, including profiling, but the right to object cannot be exercised if there are valid legally justified grounds for processing that are overriding with respect to your interests, rights, and freedoms, in particular establishing, asserting, or defending claims. Complaints against the Administrator's actions can be submitted to the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw. Providing personal data is voluntary but necessary for the operation of the website. Personal data will be stored for the period necessary to achieve the processing purposes and then for the time required by law (e.g., 5 years in the case of accounting data). The Administrator may process user data in an automated manner, including through profiling, to adapt services to the user's preferences. Activities involving automated decision-making, including profiling, may be undertaken concerning you for providing services under the concluded agreement and for direct marketing purposes by the Administrator. Personal data are not transferred to third countries in the sense of data protection regulations. This means that we do not transfer them outside the European Union. The exception is the use of tools such as Google Analytics and Facebook Pixel, which may result in the transfer of data to the USA based on standard contractual clauses approved by the European Commission.

5. Information in Forms

The website collects information provided voluntarily by the user, including personal data, if provided. The website may save information about connection parameters (time, IP address). The website, in certain cases, may save information that facilitates linking data in the form with the user's email address who filled out the form. In such cases, the user's email address appears within the URL of the page containing the form. Data provided in the form is processed for the purpose resulting from the function of the specific form, e.g., to process a service request or commercial contact, registration of services, etc. Each time the context and description of the form clearly indicate its purpose.

6. Administrator Logs

Information on user behavior on the website may be subject to logging. These data are used to administer the website.

7. Important Marketing Techniques

The Operator uses statistical analysis of website traffic through Google Analytics (Google Inc. based in the USA). The Operator does not transfer personal data to the operator of this service, only anonymized information. The service is based on the use of cookies in the user's end device. Regarding user preferences collected by the Google advertising network, the user can view and edit information derived from cookies using the tool: Google Ads Preferences. The Operator uses the Facebook pixel. This technology ensures that Facebook (Facebook Inc. based in the USA) knows that a person registered there is using the website. It is based on data for which Facebook itself is the administrator. The Operator does not provide any additional personal data to Facebook. The service is based on the use of cookies in the user's end device. Data may be transferred to countries outside the European Economic Area (EEA) based on standard contractual clauses approved by the European Commission.

8. Information about Cookies

The website uses cookies. Cookies (so-called "cookies") are IT data, particularly text files, which are stored in the end device of the website user and are intended for use with the website's pages. Cookies usually contain the name of the website from which they originate, the duration of their storage on the end device, and a unique number. The entity placing cookies on the website user's end device and accessing them is the website operator. Cookies are used for the following purposes: The website uses two basic types of cookies: "session" (session cookies) and "persistent" cookies. Session cookies are temporary files that are stored on the user's device until they log out, leave the website, or disable the software (web browser). Persistent cookies are stored on the user's device for the time specified in the cookie parameters or until deleted by the user. Web browsing software (web browser) usually allows cookies to be stored on the user's device by default. Website users can change settings in this regard. The web browser allows the deletion of cookies. It is also possible to automatically block cookies. Detailed information on this topic is provided in the help or documentation of the web browser. Restrictions on the use of cookies may affect some functionalities available on the website pages. Cookies placed on the user's end device may also be used by entities cooperating with the website operator, in particular, companies such as Google (Google Inc. based in the USA), Facebook (Facebook Inc. based in the USA), Twitter (Twitter Inc. based in the USA).

9. Managing Cookies

– How to express and withdraw consent in practice? If the user does not want to receive cookies, they can change their browser settings. We reserve that disabling cookies necessary for authentication processes, security, maintaining user preferences may hinder, and in extreme cases, prevent the use of the website. To manage cookie settings, select the web browser you use from the list below and follow the instructions: Mobile devices: