Privacy policy and data protection
ABOUT THERAPY PRACTICE
The owner and administrator of personal data collected via the Website are:Marzena Bober at the e-mail address:quantasoul.info@gmail.com ("Administrator")The Service Provider runs the Website and is responsible for the proper provision of the Website's Electronic Services.
GENERAL PROVISIONS
This privacy policy of the Website is a measure implemented by the Administrators, the purpose of which is to determine the actions taken by the Administrators in the field of protection of personal data made available to the Administrators by data subjects, and also to inform data subjects about the procedure for dealing with personal data in force in the company run by the Administrators, including in particular about the purposes and legal bases of processing and the categories of recipients to whom personal data processed by the Administrators are further transferred, and the implementation by the Administrators of the information obligation towards Data Subjects resulting from the content of Art. 13 of Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Protection Regulation data) (OJ EU L 119 of 04/05/2016, p. 1, hereinafter referred to as "GDPR") in the remaining scope. The Service Provider takes special care to protect the interests of data subjects, and in particular ensures that the data collected by it is processed in accordance with the law; collected for specified, lawful purposes and not subjected to further processing incompatible with these purposes; substantively correct and adequate in relation to the purposes for which they are processed and stored in a form enabling the identification of data subjects for no longer than is necessary to achieve the purpose of processing. This privacy policy of the Website is for information purposes only, which means that it does not constitute a source of obligations for the Website Users. All words, expressions and acronyms appearing on this website and beginning with a capital letter (e.g. Service Provider, Online Service, Electronic Service) should be understood in accordance with their definition contained in the Website Regulations, available on the Website. The Service User's personal data are processed in accordance with the GDPR and the Act of May 10, 2018 on data protection (hereinafter referred to as the Personal Data Protection Act) and the Act on the provision of electronic services of July 18, 2002 (Journal of Laws 2002, No. 144, item 1204, as amended).
PURPOSE AND SCOPE OF DATA COLLECTION ON THE WEBSITE
Each time, the purpose, scope and recipients of data processed by the Service Provider result from the activities undertaken by the Service Recipient on the Website. For example, if the Service Recipient intends to use the Account, his or her personal data will be processed in order to conclude and implement the contract for the use of the Account. The Administrators process personal data regarding the Service Recipient or his representatives for the following purposes: concluding and implementing a contract for the use of the Electronic Service, fulfilling obligations arising from legal provisions, including tax and accounting provisions, conducting court, arbitration, administrative, judicial and administrative proceedings, enforcement and mediation, documenting contractual relations for evidentiary purposes during the limitation period for claims related to them, conducting direct marketing of services or goods offered by the Administrators, including via e-mail correspondence such as a newsletter, handling complaints and claims arising from warranty rights. The Service Provider may process the following personal data of Service Recipients using the Website:
name and surname of the Service Recipient
e-mail address
Name of the cooperating organization
Name of the branch of the cooperating organization
Providing the personal data referred to in the point above is not obligatory, but is necessary to conclude and perform the contract for the provision of Electronic Services on the Website. Each time, the scope of data required to conclude a contract is previously indicated on the Website, when using the Website and in its Regulations. Personal data regarding the Service Recipient may be transferred to public administration bodies or to other persons or third entities - to the extent and in cases in which the obligation to disclose them is imposed on the Administrator by law. In addition, Personal Data regarding the Service Recipient may also be transferred to entities providing accounting and accounting services as well as legal services to the Administrator on the basis of a separate agreement. The administrators declare that they have implemented appropriate technical and organizational measures to ensure an adequate level of security corresponding to the risk associated with the processing of personal data entrusted to them, referred to in Art. 32 GDPR. The administrators regularly verify and update the technical and organizational measures used to ensure an adequate level of protection for the personal data entrusted. The Administrators declare that in order to ensure the security of personal data processing, they have introduced the Personal Data Protection Policy. The Personal Data Protection Policy is a measure implemented by the Administrators in accordance with Art. 24 section 1 and 2 of the GDPR, the purpose of which is to introduce a procedure for dealing with personal data in the enterprise run by the Administrators, based on which their processing by the Administrators will take place in accordance with the GDPR. Processing of personal data within the purposes indicated above in point 3 section 2 includes, in particular, collecting, modifying, storing, viewing, updating, analyzing and archiving them. The Service Provider also processes anonymized data related to the use of the Website (e.g. number of Service Users) to generate statistics on the use of the Website. This data is aggregated and anonymous, i.e. it does not contain features identifying persons using the Website. Personal data regarding the Service Recipient will be stored by the Administrators for the following period: in the case of personal data for which the legal basis for their processing by the Administrators is the fact that it is necessary for the proper performance of the contract - until the limitation period for claims arising from this contract expires, in the case of personal data in relation to which the basis for their processing by the Administrators is a legitimate interest - until this basis for processing ceases, in particular until the claims of the Administrators and the Customer's claims resulting from the legal relationship between them expire, the termination of the legal existence of the Administrators or a valid or final determination or awarding or satisfying or defending a claim or other right of the Administrators or the Service Recipient in court, arbitration, administrative, court-administrative, enforcement or mediation proceedings, in the case of personal data for which the basis for their processing is that it is necessary to fulfill the obligations legal obligations applicable to the Administrators - until this basis for processing no longer applies.
COOKIES (cookies)
Cookies are small text information in the form of text files, sent by the server and saved on the part of the person visiting the Website (e.g. on the hard drive of a computer, laptop or on the memory card of a smartphone - depending on what device the visitor uses). our website).
Detailed information on cookies, as well as the history of their creation, can be found, among others, at: here: http://pl.wikipedia.org/wiki/Ciasteczko. The Service Provider may process data contained in Cookies when visitors use the Website for the following purposes: implementing basic functionalities of the Website, such as: identifying Service Users as logged in and maintaining login sessions and storing dynamic data, e.g. statistics, summaries; adapting the content of the Website to the individual preferences of the Service User (e.g. regarding the language of the website); remembering IP location, time zone; keeping anonymous statistics showing how the Website is used. By default, most web browsers available on the market accept cookies. Everyone can define the conditions for the use of cookies using the settings of their own web browser. This means that you can, for example, partially limit (e.g. temporarily) or completely disable the possibility of saving Cookies - in the latter case, however, it may affect some functionalities of the Website. Internet browser settings regarding Cookies are important from the point of view of consent to the use of Cookies by our Website - in accordance with the regulations, such consent may also be expressed through the Internet browser settings. If you do not give such consent, you should change your web browser settings regarding cookies accordingly. Detailed information on changing Cookie settings and deleting them yourself in the most popular web browsers is available in the browser's help section and on the following websites (just click on the link): Chrome - https://support.google.com/chrome/answer/95647?hl=plFirefox - https://support.mozilla.org/pl/kb/W%25C5%2582%25C4%2585czanie%20i%20wy%25C5%2582%25C4%2585czanie%20obs%25C5%2582ugi%20ciasteczekExplorer - https:// support.microsoft.com/en-us/hub/4338813/windows-helpSafari - https://support.apple.com/kb/PH5042?locale=en_US
BASIS FOR DATA PROCESSING
Providing personal data by the Service Recipient is voluntary, although failure to provide the personal data indicated on the Website and in the Regulations of the Website, necessary to conclude and perform the contract for the use of the Electronic Service, results in the inability to conclude the contract. The legal basis for the processing of personal data for the purposes specified above in point 3 section 2(a) is that it is necessary for the performance of the contract. The legal basis for the processing of personal data for the purposes specified above in point j3 section 2 letter b) is that it is necessary to fulfill the legal obligations imposed on the Administrators. The legal basis for the processing of Personal Data for other purposes indicated in the point above is the legitimate interest pursued by the Administrators.
RIGHTS OF THE DATA SUBJECT RELATED TO THE PROTECTION OF PERSONAL DATA
A. Right to information
When obtaining personal data, the controller is obliged to provide the person from whom the data comes with all the following information: its identity and contact details and, where applicable, the identity and contact details of its representative, and, where applicable, the contact details of the data protection officer , the purposes of personal data processing, and the legal basis for processing, information about the recipients of personal data or categories of recipients, if any, where applicable - information about the intention to transfer Personal Data to a third country or an international organization, the period for which the personal data will be stored , and if this is not possible, the criteria for determining this period, information whether the provision of personal data is a statutory or contractual requirement or a condition for concluding a contract and whether the data subject is obliged to provide it and what are the possible consequences of failure to provide the data. If the Controllers plan to further process personal data for a purpose other than the purpose for which the personal data were collected, before such further processing, the Controller is obliged to inform the data subject about this other purpose and provide him with all other relevant information.
B. The right to withdraw consent to the processing of personal data. The data subject has the right to withdraw consent to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
C. The right to access personal data. The data subject is entitled to obtain from the Administrators confirmation whether Personal Data concerning him are being processed, and if this is the case, he is entitled to obtain access to them and the following information: purposes of processing; the categories of personal data concerned; information about the recipients or categories of recipients to whom personal data have been or will be disclosed, in particular recipients in third countries or international organizations; where possible, the planned period of storage of personal data, and if this is not possible, the criteria for determining this period; information about the right to request from the Administrators rectification, deletion or limitation of the processing of personal data and to object to such processing; information about the right to lodge a complaint with the supervisory authority; if the personal data were not collected from the data subject, all available information about their source; information on automated decision-making, including profiling, referred to in Art. 22 section 1 and 4 of the GDPR, and - at least in these cases - relevant information about the principles of their implementation, as well as the significance and expected consequences of such processing for the data subject. Controllers are obliged to provide the Data Subject with a copy of the Personal Data. For any subsequent copies requested by the data subject, the Controllers may charge a reasonable fee resulting from administrative costs. If the Data Subject requests a copy electronically, and unless the Data Subject indicates otherwise, the information will be provided by commonly used electronic means.
D. The right to request rectification and deletion of personal data. The data subject has the right to request from the Administrators the immediate rectification of inaccurate personal data concerning him or her. Taking into account the purposes of processing, the data subject has the right to request the completion of incomplete personal data, including by providing an additional statement. The data subject is entitled to request from the Controllers the immediate deletion of personal data relating to him or her, and the Controllers are obliged to delete personal data without undue delay if one of the following circumstances occurs: the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, the data subject has withdrawn consent on which the processing is based in accordance with Art. 6 section 1 letter a) or art. 9 section 2 letter a) GDPR and there is no other legal basis for the processing, the data subject objects under Art. 21 section 1 GDPR to the processing and there are no overriding legitimate grounds for the processing or the data subject objects to the processing pursuant to Art. 21 section 2 GDPR against processing, the personal data have been processed unlawfully, the personal data must be deleted in order to comply with a legal obligation provided for by Union law or the law of the Member State to which the Controllers are subject, the personal data have been collected in connection with the offering of information society services, referred to in Art. 8 section 1 GDPR. The rights of the data subject indicated in point 2 above do not apply to the extent that processing is necessary for the exercise of the right to freedom of expression and information, for the establishment, exercise or defense of claims, for compliance with a legal obligation requiring processing under Union or law Member State to which the Controllers are subject, or to perform a task carried out in the public interest or in the exercise of public authority vested in the Controllers, for reasons of public interest in the field of public health in accordance with Art. 9 section 2 letter h) and i) GDPR and Art. 9 section 3 GDPR for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 section 1 GDPR, insofar as it is likely that this right will prevent or seriously impair the achievement of the purposes of such processing. Controllers are obliged to provide the data subject with information about rectification or deletion of personal data, unless this turns out to be impossible or requires a disproportionate effort.
E. The right to restrict the processing of personal data. The Data Subject has the right to request that the Controllers limit the processing of his or her personal data in the following cases: The Data Subject disputes the accuracy of the personal data - for a period enabling the Controllers to check their accuracy, the processing is unlawful, and the Data Subject objects to the deletion of the personal data, demanding in instead of limiting their use, the Administrator no longer needs the personal data for the purposes of processing, but they are needed by the data subject to establish, pursue or defend claims, the Data Subject has objected to the processing pursuant to Art. 21 section 1 GDPR - until it is determined whether the legally justified grounds on the part of the Administrators override the grounds for the data subject's objection. Administrators are obliged to provide the data subject with information about the restriction of the processing of personal data, unless this turns out to be impossible or requires a disproportionate effort.
F. The right to transfer personal data. The data subject is entitled to receive personal data concerning him provided to the Controllers in a structured, commonly used and machine-readable format, and has the right to transmit these personal data to another controller without any hindrance from the Controllers, if the processing is carried out by automated means and a ) based on the consent of the data subject or b) is necessary for the performance of the contract. When exercising the right specified above, the data subject has the right to request that personal data be sent by the Administrators directly to another administrator, if technically possible. This right does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of public authority entrusted to the Controllers. This right may not adversely affect the rights and freedoms of other entities.
G. Right to object and rights related to automated individual decision-making
The data subject has the right to object at any time - for reasons related to his or her particular situation - to the processing of his or her personal data based on Art. 6 section 1 letter e) or f) GDPR, including profiling based on these provisions. The controllers are no longer allowed to process this personal data, unless they demonstrate compelling legitimate grounds for processing that override the interests, rights and freedoms of the data subject, or grounds for establishing, pursuing or defending claims. If personal data are processed by the Administrators for the purposes of direct marketing, the data subject has the right to object at any time to the processing of personal data concerning him or her for the purposes of such marketing, including profiling, to the extent that the processing is related to such direct marketing. If the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. If personal data are processed for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 section 1 GDPR, the data subject has the right to object - on grounds relating to his or her particular situation - to the processing of his or her personal data, unless the processing is necessary for the performance of a task carried out in the public interest. The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and which produces legal effects concerning him or her or similarly significantly affects him or her, unless the decision is necessary for the conclusion or performance of a contract. between the data subject and the Controllers; is permitted by Union law or the law of a Member State to which the Controllers are subject and which provides for appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, or is based on the data subject's explicit consent.
FINAL PROVISIONS
The Website may contain links to other websites. The Service Provider encourages you to read the privacy policy established there after going to other websites. This privacy policy applies only to the Website. The administrators appropriately provide the following technical measures to prevent unauthorized persons from obtaining and modifying personal data sent electronically: Securing the data set against unauthorized access; SSL certificate. In all matters related to the processing of personal data, in particular matters related to the provisions of this privacy policy, the Service User should contact the Administrators using the following contact details:
e-mail address:quantasoul.info@gmail.com
INFORMATION ON THE PROCESSING OF PERSONAL DATA FROM THE CONTACT FORM
Information obligation arising from Art. 13 section 1 and section 2 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation )
AdministratorMarzena Boberat the e-mail address: QuantaSoul.info@gmail.com
Purposes of processing Contact and sending current commercial information regarding goods or services offered by the Administrators using the data provided in the contact form on the website:quantasoul.info@gmail.com
Legal basis for processing
The processing of your personal data entered into the contact form results from the legitimate interest of the Administrators, i.e. contact with you [Art. 6 section 1 letter f) General Data Protection Regulation – GDPR]. the processing of your personal data entered into the contact form is necessary to fulfill the legal obligations imposed on the Administrators [Art. 6 section 1 letter c) General Data Protection Regulation - GDPR].
Categories of data recipients Entities authorized under the law. Employees of Administrators Entities providing external services to Administrators: accounting, IT and accounting under a separate agreement, required for the proper provision of services by Administrators.
Data storage period
The data will be stored until the limitation period for tax liabilities and other public law obligations imposed on the Administrator expires. Until you withdraw your consent to processing. The data will be deleted immediately after withdrawal of consent to their processing.
Rights related to processing
The right to request from Administrators access to data, rectification, deletion or limitation of processing.
The right to transfer personal data. The right to lodge a complaint with the President of the Personal Data Protection Office. Right to object Contact regarding GDPR:quantasoul.info@gmail.com
Additional information
Providing data before concluding a contract with the Administrators is not required, however, the consequence of not providing them will be the Administrators' inability to contact you.
Your data will not be transferred by the Administrators to third countries or international organizations. The Administrators do not make automated decisions based on your personal data and do not perform profiling.