Let’s start with the official information – the website’s administrator is EFFECTIVENESS Anna Sarnacka-Smith, ul. Rodziny Połanieckich 27/81, NIP [Tax Identification Number]: 5432072090.
The short version – the most important information
We value your privacy, but we also value your time. That is why we have prepared an abridged version of the most important information on the rules related to privacy protection.
- We process the personal data that you provide to us by creating a user account, placing an order, filing a complaint, withdrawing from a contract, subscribing to the newsletter or simply contacting us, including via the website chat.
- The information that we may have on you includes: name and surname, address of residence, address of the registered office or permanent place of business, NIP number, e-mail address, telephone number, or other data included in the correspondence between us. We are not always in possession of all the data indicated above. Their scope depends on the content of the information forms or simply the messages that you send to us.
- We make every effort to ensure that your personal data remains secure and does not fall into unauthorised hands, using appropriate technical and organisational security measures.
- We entrust the processing of your personal data only to reliable and proven entities providing personal data processing services.
- We do not make any decisions regarding you based exclusively on the automated processing of your personal data, which would have legal consequences for you or which would affect you significantly in a similar way.
- You can exercise your rights under the GDPR concerning the processing of your personal data by using our dedicated e-mail address for handling issues related to privacy and personal data: firstname.lastname@example.org.
- We track and analyse your activities on our websites for statistical, optimisation and marketing purposes. We use the following tools for this purpose: Google Analytics. These tools provide us with access to a large amount of information relating to your use of our website, but this information remains anonymous, i.e. we are unable to identify you on the basis of this information. The tools may collect information about you, such as your approximate location, device, operating system, and browser, as well as gender, age range, interests, time spent on the site, transitions between pages, clicks on individual links, and other actions performed on the websites. This information is not collated by us with your personal data and does not allow for your identification. This information may be transferred to the United States of America (USA). The tool providers guarantee an adequate level of data protection through the use of standard contractual clauses and participation in the Privacy Shield Program.
- We embed YouTube videos on the effectiveness.pl website. When you play such recordings, Google LLC cookies for YouTube services become activated.
- The website is stored on an external server, which, like all websites, generates logs. The logs store information concerning IP address, date and time of the server, browser and operating system. Logs are used exclusively for operational and technical purposes.
- Notwithstanding our privacy and confidentiality efforts related to your use of the website, we encourage you to be an informed Internet user and to familiarize yourself with options provided by e.g. your browser’s privacy settings, collective management of behavioural advertising settings (e.g. http://www.youronlinechoices.com/, https://www.networkadvertising.org/choices), the incognito mode in your web browser, and additional privacy-oriented plug-ins (e.g. https://www.ghostery.com).
The afore-mentioned information is preliminary. We encourage you to read more details below.
EFFECTIVENESS Anna Sarnacka-Smith, ul. Rodziny Połanieckich 27/81, NIP [Tax Identification Number] 5432072090 is the controller of your personal data within the meaning of the provisions on personal data protection.
The purposes, legal basis and period of processing personal data are indicated separately with respect to each purpose for data processing (see: a detailed description of different purposes of data processing).
Rights. The GDPR provides you with potential rights associated with the processing of your personal data:
- The right to access your data and to obtain a copy thereof,
- the right to rectify (correct) your data,
- the right to erase your data (if, in your opinion, there is no basis for us to process your data, you can request its erasure),
- the right to restrict the processing of data (you may request that we restrict the processing of your data only to the purposes of data storage or execution of actions to which you have agreed, if you believe we have incorrect data or we have been processing it without grounds to do so),
- the right to object against the data processing (you have the right to object against the data processing on the basis of a legitimate interest; you should indicate the particular situation which, in your opinion, provides grounds for refraining from the processing covered by the objection. We will no longer process your data for those purposes, unless we demonstrate that grounds for processing your data override your rights or that your data is necessary to establish, exercise or defend legal claims.
- the right to data portability (you have the right to receive from us, in a structured, machine-readable and commonly used format, the personal data that you have provided to us on the basis of a contract or your consent, and you may entrust us with the transfer of said data directly to another party),
- the right to lodge a complaint to the supervisory authority (if you state that we process data unlawfully, you may lodge a complaint with this regard with the President of the Personal Data Protection Office or another relevant supervisory authority).
The rules associated with the exercise of the afore-mentioned rights have been described in detail in Articles 16-21 of the GDPR. We encourage you to read these provisions. For our part, we consider it necessary to advise you that the above-mentioned rights are not absolute and that you will not be entitled to exercise them with regard to all actions related to the processing of your personal data.
Nevertheless, we want to emphasize that you will always be entitled to exercise one of the above-indicated rights – if you believe that we have violated the provisions on personal data protection in the course of processing of your personal data, you have the right to lodge a complaint with the supervisory body (President of the Office for Personal Data Protection).
Safety. We guarantee the confidentiality of any personal data you provide. We take all security and personal data protection measures required by the provisions on personal data protection. Personal data is collected with due diligence and appropriately protected against unauthorised access.
Data recipients. Your personal data may be processed by entities whose services we use and whose services involve or may involve the processing of personal data. These include, in particular, the following entities:
- the host provider who stores data on the server,
- the provider of the mailing system in which your data is stored if you subscribe to the newsletter,
- the provider of the chat system in which your data is stored if you contact us via chat,
- an accounting office that processes your data appearing on the invoices,
- the law firm that obtains access to the data if it is necessary to provide us with legal assistance,
- a website maintenance service provider who obtains access to the data if the technical work carried out relates to areas containing personal data,
- other subcontractors who have access to the data if the scope of their activities requires such access.
Your personal data may also be transferred to tax offices to the extent necessary to fulfil tax, clearing and accounting obligations. This applies in particular to all declarations, reports, statements and other accounting documents that contain your personal data.
In addition, if necessary, your personal data may be made available to entities, bodies or institutions that are authorised to access data under the law, such as police, security forces, courts, and prosecutor’s offices.
Transfer of personal data to third countries. We transfer your personal data to third countries in connection with the use of tools that store personal data on servers located in third countries, in particular in the USA. The providers of these tools guarantee an adequate level of personal data protection through appropriate compliance mechanisms as provided by the GDPR, in particular by entering into the Privacy Shield Program or by using standard contractual clauses.
The storage of personal data on servers located in third countries is carried out by means of the following tools:
TAWK chat system provided by tawk.to inc.187 East Warm Springs Rd, SB119 Las Vegas, NV, 89119 – for data transmitted over the chat available on the website.
TAWK ensures an adequate level of personal data protection by applying the compliance mechanisms foreseen by the GDPR, in particular by joining the Privacy Shield Program. Below you can find links to a page confirming TAWK’s participation in the Privacy Shield Program where you can view information about the processing of personal data by this entity.
Profiling and behavioural advertising. We do not make any decisions based exclusively on automated processing, including profiling, that would have legal consequences for you or which would affect you significantly in a similar way. We would like to emphasise that the tools we use do not give us access to information that would allow us to identify you. The information in question includes, in particular:
- information about the operating system and the web browser you are using,
- information about the browsed pages,
- information the time spent on the website,
- information about transitions between pages,
- information about the source from which you are accessing our site,
- information about the age range you are in,
- information about your gender,
- information about your approximate location limited to your city or town,
- your interests determined by your online activities.
We do not collate the above-indicated information with your personal data stored in our databases. This information is anonymous and does not allow us to identify you. This information is stored on the servers of the providers of the various tools, and these servers may be located around the world.
Purposes and activities of the personal data processing
User Account. When creating a user account, you must provide the data necessary to create the account, such as your e-mail address and password. Providing data is voluntary, but necessary to create an account. You can enter more detailed data when you edit the account data. When editing your user profile, you can provide further data about yourself, i.e. your name, billing address, and shipping address. Provision of this data is entirely voluntarily. You can have an account without providing further data. In such a case, you will need to enter this data manually every time you place an order.
Data collected on the user account is processed in the WooCommerce system and stored on a server provided by H88 S.A. ul. Franklina Roosevelta 22, 60-829 Poznań
The data provided in connection with the creation of an account are processed in order to provide you with an electronic service consisting in providing you with the possibility to use the user account. This service is provided pursuant to the agreement concluded on the basis of the rules described in the regulations, which means that in this respect the legal basis for processing your personal data is Article 6(1)(b) of the GDPR.
You may decide at any time to delete your account, but this will not lead to the erasure of your data from our database, as this data is necessary for us to determine, defend or enforce any claims related to the agreement for the provision of electronic services. In addition, your data is stored in the database after deletion of your account so that we can identify you as a returning user in the future if you decide to reuse the website as a registered user. In this respect, the legal basis for the processing of your personal data is our legitimate interest – Article 6(1)(f) of the GDPR.
You can modify your account details at any time.
Orders. When you place an order through the website, you have to provide the data necessary to perform the order, such as name and surname, billing address, e-mail address, telephone number, NIP number. Providing data is voluntary, however necessary for the order to be placed.
The data provided to us in connection with the order are processed for the purpose of fulfilling the order (Article 6(1)(b) of the GDPR), issuing an invoice (Art. 6(1)(c) of the GDPR), including an invoice in our accounting records (Article 6(1)(c) of the GDPR) and for archival and statistical purposes, including the identification of the returning customer (Article 6(1)(f) of the GDPR).
The data specified in the order placed via the website are processed within the WooCommerce system and stored on the server provided by H88 S.A. Ul. Franklina Roosevelta 22, 60-829 Poznań Data included in individual orders are processed within the email service and are stored on a server provided by H88 S.A. ul. Franklina Roosevelta 22, 60-829 Poznań.
If you have a user account on the website and the order has been placed via the website, your order will be visible in the order history of that account.
Each order is documented by way of an invoice. Invoices are issued using software provided by our accounting and tax office: Kancelaria Rachunkowo – Podatkowa Adam Jeżak. The data visible on the invoices is therefore also processed by that entity in connection with provision of accounting services.
Orders are also registered in our internal database for archival and statistical purposes.
Data concerning orders will be processed for the time necessary to perform the order, and then until the expiry of the period of limitation of claims under the contract. Furthermore, after expiry of this period, data may still be processed by us for archival and statistical purposes, in particular for the purpose of identifying the returning customer. Keep in mind that we have an obligation to store invoices with your personal data for a period of 5 years from the end of the tax year in which the tax obligation arose.
Furthermore, you cannot object to the processing of data and require the erasure of data until the expiry of the period of limitation of claims under the contract. Similarly, you cannot object to the processing of data and request the erasure of the data contained in invoices. However, you may object to the processing of your data for statistical purposes, as well as request removal of your data from our database after the expiry of the period of limitation of claims under the contract.
Complaints and withdrawal from the contract. If you make a complaint or withdraw from the contract, you provide us with personal data contained in the content of the complaint or a statement of withdrawal, which includes your name, address, telephone number, e-mail address, bank account number. Provision of data is voluntary, but necessary to submit a complaint or withdraw from the contract.
The data provided to us in connection with the submission of a complaint or withdrawal from the contract is used to implement the complaint procedure or the procedure for withdrawing from the contract (Article 6(1)(c) of the GDPR), and then for archival purposes, which constitutes our legitimate interest (Article 6(1)(f) of the GDPR).
The data will be processed for the time necessary to carry out the complaint procedure or the withdrawal procedure. Complaints and statements of withdrawal from the contract may also be archived in order to be able to demonstrate later the course of the complaint process or withdrawal from the contract process.
You cannot rectify data contained in complaints and statements of withdrawal from the contract. Furthermore, you cannot object to the processing of data and require the erasure of data until the expiry of the period of limitation of claims under the contract. However, you may object to the processing of your data for statistical purposes, as well as request removal of your data from our database after the expiry of the period of limitation of claims under the contract.
Newsletter. By subscribing to the newsletter, you provide us with your e-mail address.
Providing your e-mail address is voluntary, but is necessary to subscribe to the newsletter.
We use the data provided to us when subscribing to the newsletter to send you the newsletter, and the legal basis for their processing is your consent (Article 6(1)(a) of the GDPR) which you express when you subscribe to the newsletter.
The data are processed within the GetResponse mailing system and are stored on a server provided by GetResponse Sp. z o.o.
You can unsubscribe from receiving the newsletter at any time by clicking on the dedicated link included in every message sent as part of the newsletter service or simply by contacting us. Despite the fact that you have unsubscribed from the newsletter, your data will still be stored in our database in order to defend any claims related to the sending of the newsletter to you, in particular for the purpose of proving your consent to receive the newsletter and the moment of its withdrawal, which constitutes our legitimate interest referred to in Article 6(1)(f) of the GDPR.
You can rectify your data stored in the newsletter database at any time. If you object to the processing of your personal data, simultaneously requesting the erasure of your data from our database, we will have to inform you that, on the grounds of our legitimate interest as referred to in the preceding paragraph, we will not delete your data from our database. The erasure of such data would prevent us from demonstrating, if necessary, that you have given your consent to receive the newsletter in the past.
Our mailing system tracks your actions in relation to messages we send you. Therefore, we know which messages you have opened, in which messages you have clicked on links, etc.
Contact. By contacting us via e-mail or live chat available on the website, you naturally provide us with your personal data contained in the content of the correspondence, in particular your e-mail address and your name. Provision of data is voluntary, but necessary to create an account.
In this case your data is processed in order to contact you, and the basis for the processing is Article 6(1)(a) of the GDPR, i.e. our legitimate interest. The legal basis for processing after the end of the contact is a justified purpose in the form of archiving correspondence for internal needs (Article 6 (1)(c) of the GDPR).
The content of the correspondence can be archived and we cannot clearly determine when it will be deleted. You have the right to request to be presented with the history of your communication with us (provided it had been archived), as well as request its erasure, unless its archiving is justified due to our overriding interests, e.g. protection against potential claims on your part.
Cookies and other tracking technologies
Cookies are small text files stored on your device (e.g. computer, tablet, smartphone), which may be read by our ICT system (own cookies) or the ICT system of third parties (third party cookies).
Some of the cookies we use are deleted at the end of the browser session, i.e. when the browser closes (so-called session cookies). Other cookies are stored on your terminal device and allow us to recognise your browser the next time you visit our website (persistent cookies).
If you want to learn more about cookies as such, you can read this material: https://pl.wikipedia.org/wiki/HTTP_cookie.
Below, you will find detailed information on the cookies functioning within our website.
Cookies consent. By using the website with cookies enabled in your browser, you agree to record and store information in cookies and to accessing of said information.
You can always change your browser cookie settings or delete cookies altogether. Browsers manage cookies settings in different ways. The help menu of your browser contains information on how to change the cookie settings.
You can also manage your cookie settings by installing special add-ons that allow you to control cookies, such as Ghostery (https://www.ghostery.com).
First-party cookies. We use first-party cookies to ensure the proper operation of the website, the ordering process and the user account.
Third-party cookies. Our website, like many other websites nowadays, uses functions provided by third parties, which involves using third-party cookies. The use of this type of cookies is described below.
Google Analytics. We use Google Analytics, a tool provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We carry out these activities on the basis of our legitimate interest in creating and analysing statistics in order to optimize our websites.
Google Analytics automatically collects information about your use of the website. The information collected in this manner is most commonly transmitted to and stored by Google on servers located in the United States.
Due to the IP anonymization function, which we have activated, your IP address is shortened before being forwarded. The full IP address is only forwarded to Google servers in the United States and shortened there in exceptional cases. The anonymized IP address transmitted by your browser within the framework of Google Analytics will not generally be merged with other data held by Google.
We would like to emphasize that Google Analytics does not collect any personally identifiable information about you. Therefore, the data collected within Google Analytics does not have the character of personal data. The information that we have access to within the framework of Google Analytics includes, in particular, the following:
- information about the operating system and the web browser you are using,
- information about the pages that you visit within the scope of our website,
- information about the time spent on our website and its pages,
- information about transitions between pages within the scope of our website,
- information about the source from which you access our website.
- demographic and interest reports,
- advertising reporting functions, user-ID.
In addition, we also use the following Advertising Features of Google Analytics:
We also do not collect personal data as part of the Advertising Features. The information we have access to includes, in particular:
- information about the age range you are in,
- information about your gender,
- information about your approximate location, limited to your city or town,
- information about your interests determined by your on-line activity.
In order to use Google Analytics, we have implemented a special tracking code of Google Analytics in the code of our website. The tracking code uses Google LLC cookies concerning the Google Analytics service. You can block the Google Analytics tracking code at any time by installing the Google browser add-on: https://tools.google.com/dlpage/gaoptout.
Google Analytics and Google Analytics 360 have been certified according to the ISO 27001 independent security standard. ISO 27001 is one of the most widely recognised standards in the world and certifies that systems that support Google Analytics and Google Analytics 360 meet the relevant requirements.
More information related to the processing of data within Google Analytics can be found in the explanations prepared by Google: https://support.google.com/analytics/answer/6004245.
Chat. We provide you with the opportunity to contact us via an on-line chat embedded on the website. The tool is provided by TAWK, tawk.to inc.187 East Warm Springs Rd, SB119 Las Vegas, NV, 89119.
Since tawk.to inc. is based in the USA and uses technical infrastructure located in the USA, tawk.to inc. has joined the EU-US-Privacy Shield Program to provide an adequate level of personal data protection, as required by European legislation. In the framework of an agreement between the US and the European Commission, the latter has established an adequate level of data protection for companies holding a Privacy Shield certificate.
Video. We embed on our website content from external websites, in particular videos from YouTube. Therefore, we use Google LLC cookies associated with the YouTube service, including DoubleClick cookies.
Whenever you play video or view other embedded material, Google is notified of this fact, even if you do not have a profile with the service provider or are not signed in. This information (including your IP address) is sent by your browser directly to the server of the relevant service provider (some servers are located in the USA) and stored there.
If you do not want the service provider to link the data collected during the playing of videos or other content on our website directly to your profile on their website, you must log out of said website before visiting our website. You can also completely prevent plug-ins from being uploaded to the website by using appropriate add-ons for your browser, such as blocking scripts.
The YouTube cookies are only loaded when the video is played, so if you don’t want this to happen, refrain from watching videos.
Using the website involves sending requests to the server on which the website is stored. Each request to the server is saved in the server logs.
The logs include i.a. your IP address, date and time of the server, information on the Internet browser and the operational system you use. Logs are saved and stored on the server.
Data saved on server logs is not associated with a specific person using the website and is not used to identify you.
The server logs constitute only auxiliary material for administrating the website, and their content is not disclosed to anyone beside the persons authorised to administrate the server.