PRIVACY POLICY
This Privacy Policy pertains to the processing and protection of personal data of Users in connection with the use of the www.drizzlygrizzly.pl.
Our primary goal is to provide Users of the Service with privacy protection at a level that is at least equivalent to the standards set forth in applicable legal regulations, particularly in the Act of 18 July 2002 on the provision of electronic services and the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – GDPR.
Everyone who uses the Service remains anonymous until the time they decide to disclose their identity. The data controller processes personal data, among other things, based on consent, where consent should also be understood as the selection of the appropriate checkbox or any other behavior that clearly indicates acceptance of the proposed processing.
The Service and services of the Administrator are not intended for children under the age of 18, nor are they directed towards them.
If you do not accept the content of this Privacy Policy, please immediately discontinue using the Service.
Personal Data Controller
The Controller of your personal data is Sopocka Odessa Ewa Hronowska, located in Sopot (81-759) at ul. Bohaterów Monte Cassino 54, with tax identification number (NIP): 585-133-63-52, REGON: 810475070, hereinafter referred to as the “Controller”.
You can contact the Controller via email at: info@spatif.sopot.pl
Data Protection Officer
We have appointed a Data Protection Officer (the person responsible for the proper processing of personal data). You can contact the Data Protection Officer via email at: iod@drizzlygrizzly.pl or in writing at our registered office address.
Purposes and Legal Bases for Processing
Your personal data may be processed for the following purposes:
- To enter into an agreement with you and to perform that agreement (the legal basis for processing is the necessity for the performance of an agreement of which you are a party or to take action at your request prior to entering into an agreement).
- To ensure the safety of individuals present at the event (the legal basis is the legitimate interest of the Controller, e.g., obtaining consent from parents of individuals above 13 years of age, collecting personal data of guardians of individuals below 13 years of age).
- For statistical and analytical analysis of traffic on the Service (e.g., Google Analytics, Meta Pixel) (the legal basis is the legitimate interest of the Controller, which involves analyzing user activity on the Service, improving the functionality of the site, determining user preferences, and user consent).
- For archiving to secure information for potential legal requirements (the legal basis for processing is our legitimate interest).
- To conduct customer satisfaction surveys and verify the quality of our services (the legal basis for processing is our legitimate interest in evaluating satisfaction with the services provided).
- For direct marketing (the legal basis for processing is our legitimate interest in promoting the Controller’s activities and services provided by them).
- To send newsletters (the legal basis for processing is your consent).
- For email communication (the legal basis for processing is our legitimate interest in maintaining contact with potential clients and responding to questions asked).
- To manage social media accounts (the legal basis for processing is the legitimate interest of the Controller in interacting with social media users).
- To fulfill a legal obligation incumbent on the Controller, e.g., related to accounting (the legal basis for processing is the necessity to fulfill a legal obligation incumbent on the Controller).
Data Recipients
We may disclose your personal data to the following categories of entities:
- Authorized employees.
- Subcontractors, entities we use when providing our services.
- Providers responsible for managing IT systems (Evostudio sp. z o.o. based in Reda).
- Entities such as banks and payment operators that handle the order process (PayPro S.A. based in Poznań, mBank S.A. based in Warsaw).
- Service providers for accounting, legal, auditing, and consulting services (e.g., Evostudio sp. z o.o. based in Reda).
- Marketing agencies (for marketing services) (Evostudio sp. z o.o. based in Reda, Crane Agency sp. z o.o. based in Gdansk).
- Business partners whose offerings complement ours (Evostudio sp. z o.o. based in Reda, Crane Agency sp. z o.o. based in Gdansk, Square sp. z o.o. based in Gdansk, Iskra sp. z o.o., Iskra sp. z o.o. based in Gdansk).
- Companies providing event security (Security 4Moza in Gdansk).
- Companies providing access to platforms containing the Service’s corporate fan page (Meta Platforms Inc.), only to the extent that the User decides to use these platforms by clicking on the links within the Service.
- A company providing Google Analytics statistics analysis tool (Google LLC).
- A company providing analytical tools for tracking traffic on the Service (Meta Platforms Inc., Google LLC).
- Entities or authorities authorized under the law.
The Controller transfers your personal data outside the European Economic Area only when necessary and due to the use of services with international reach. Service providers are required to provide the same level of protection and apply appropriate legal mechanisms to protect personal data, such as binding corporate rules adopted by the relevant supervisory authority or other international certification standards or standard contractual clauses determined by the European Commission.
The above-mentioned companies guarantee compliance with data protection standards analogous to those in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC. The use of their technologies by the Service for the processing of personal data remains in compliance with the law.
More information on the transfer of data outside the EEA can be found at: (https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_pl)
Data Processing Period
The processing period for your personal data depends on the purpose of processing:
- We process personal data until the end of the statute of limitations for potential claims arising from the agreement.
- Personal data obtained for marketing purposes, in the case of data processed based on consent, is processed until you withdraw your consent for such processing. In the case of data processed based on our legitimate interest, we process it for the duration of marketing activities or until you object.
- We process personal data until the legal obligation requiring us to process personal data no longer applies.
Your Rights
You have the right to:
- Request access to your personal data to correct it.
- Delete your personal data.
- Restrict the processing of your personal data.
- Object to further processing of your personal data.
- Data portability.
If your personal data is processed based on consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of the processing carried out based on consent before its withdrawal. To withdraw your consent, you should contact us at: kontakt@drizzlygrizzly.pl. If you believe that your personal data is being processed unlawfully, you have the right to lodge a complaint with the supervisory authority, the President of the Office for Personal Data Protection or another relevant supervisory authority.
Information about the Voluntariness of Providing Data
Providing your personal data is voluntary. However, not providing certain personal data (identity, address data, email address) may prevent us from providing you with electronic services or processing your orders or purchases in the manner specified by you in the order form on our internet platform.
Cookies
The Controller analyzes the personal data of Users by analyzing the traffic on the Service, the history of activity on the Service, and social media profiles. Data analysis does not have any legal consequences or affect the rights and freedoms of Users. The data is processed solely for the purpose of determining User preferences and tailoring content and offers created by the Controller to User preferences.
- The Service uses cookies, which are small text-numeric files saved by the IT system on the User’s end device (computer, phone, or other device used to connect to the Service when browsing the Service). They allow for the identification of the User when reconnecting to the Service from the device on which they were saved.
- The Controller may use the following types of cookies:
- Temporary and functional cookies: These exist on the computer only while visiting a specific website, and they disappear when the browser is closed. They allow the Service’s pages to remember what customers selected on the previous page and are intended to optimize navigation within the Service by remembering the User’s settings, so the User does not have to re-enter data on every subpage of the Service.
- Statistical and analytical cookies: These are used to provide important information about website traffic and how visitors use it. Tools such as Google Analytics and Meta Pixel are used to collect this data. These cookies are used only for collecting statistics about website traffic and determining user profiles for displaying tailored materials in advertising networks, especially Google and Meta Platform.
- Necessary cookies: Installed by the Controller through the Service to provide Users with services offered on the website and ensure their proper functioning.
- Marketing cookies: Installed by the Controller or third-party entities used by the Controller to tailor displayed marketing content to User preferences (Meta Pixel).
- Other cookies: Other cookies that are not essential for the functioning of the Service but are used by social media.
- Cookies do not store any information that constitutes the personal data of Service Users. Cookies are not used to determine the User’s identity. The use of cookies is based on the legitimate interest of the Controller and the consent of the User.
- Cookies placed on the end device of the Service User may also be used by the Controller’s cooperating advertisers and partners. These cookies may be used by advertising networks, especially Google and Meta Platform, to display ads tailored to the User’s behavior on the Service. For this purpose, they may retain information about the User’s navigation path or time spent on a specific page.
- The Controller automatically analyzes the browsing history of the Service and the traffic on the website. Data analysis does not have any legal consequences for Users and is solely aimed at adjusting the content presented by the Controller to User preferences.
- Users can withdraw or change their consent for the use of cookies in the Service and delete cookies from their browser at any time.
- Consent can be expressed by the User through the appropriate settings of the software, especially the web browser installed on the telecommunications device used by the User to browse the content of the Service.
- Users can also limit or disable cookies in their browser at any time by configuring it to block cookies or warn Users before saving cookies on the device they use to browse the Service. In this case, however, the User may not be able to use all the features of the Service.
Analytical, Marketing Tools, and Social Media Plugins
1. Google Analitycs
The Controller uses the Google Analytics service for analytical purposes on the Service. The website’s code includes tracking code that uses cookies from Google LLC. Information about the use of services on the Service is stored on Google servers in the United States. Google Analytics provides anonymous IP address tracking, which shortens the User’s IP address within the European Union and other countries that are part of the EEA. Only in exceptional cases is the full IP address sent to a Google server in the USA and then shortened. Google Analytics uses information about the User’s operating system and internet browser, website traffic, time spent on the website, visited tabs, navigation paths, and sources through which the User accessed the Service.
The legal basis for processing data using Google Analytics is the legitimate interest of the Service Provider, which involves analyzing user actions to improve our services and conduct marketing activities. Users have the right to withdraw consent for data processing at any time by changing cookie settings.
More information about data processing with Google Analytics can be found at: [Google Analytics Privacy Policy](https://policies.google.com/privacy).
2. Meta Piksel
The Controller uses the Meta Pixel service for analytical purposes on the Service. Meta Pixel is an analytical tool provided by Meta Platforms, Inc. (formerly Facebook, Inc.), which allows us to monitor user actions on our website and collect analytical data about their interactions with our content. This tool enables us to measure the effectiveness of our marketing efforts, tailor content to user preferences, and improve the quality of our services.
We process data collected through Meta Pixel for the following purposes:
- Monitoring and analyzing user behavior on our website for analytical purposes.
- Improving the quality of our website and customizing content to user preferences.
- Conducting marketing and advertising activities.
- Ensuring the optimal quality of our services.
The legal basis for processing data using Meta Pixel is the legitimate interest of the Service Provider, which involves analyzing user actions to improve our services and conduct marketing activities. Users have the right to withdraw consent for data processing at any time by changing cookie settings.
More information about data processing with Meta Pixel can be found at:(https://www.facebook.com/privacy/policy/?entry_point=facebook_help_center_ig_data_policy_redirect).
Please note that links on the Service may direct Users to other websites for which the Service’s owner is not responsible. We have no control over the privacy policies and use of cookies by the administrators of these websites. Before using services offered by other websites, Users should review the privacy policy and use of cookies if provided. If not, Users should contact the administration of that website for information.
Where Can I Raise Concerns or Comments Regarding the Processing of Personal Data?
We would like to emphasize that your privacy is important to us, and we take all possible steps to protect your data. If you have any questions or concerns about the processing of your data on our Service, please contact us at:
- via email: kontakt@drizzlygrizzly.pl
Final Provisions
The Controller applies technical and organizational measures to ensure the protection of processed personal data appropriate to the risks and categories of data covered by protection, particularly to safeguard data from being disclosed to unauthorized persons, taken by an unauthorized person, processed in violation of applicable laws, or altered, lost, damaged, or destroyed.
The Controller reserves the right to change the Privacy Policy for significant reasons (e.g., changes in applicable laws, introduction of new functionalities, modification of IT systems). The Controller will inform Users about any changes to the Privacy Policy by posting information about the change on the homepage.
Changes to the Privacy Policy will come into effect within 14 days from the date of publication on the Service. In the case of agreements concluded before the change to the Privacy Policy, the Privacy Policy in force on the date of the agreement will apply.