GDPR

This Privacy Policy and Cookies Policy defines the rules for the processing and protection of personal data provided by Users and cookies, as well as other technologies appearing on the website www.aureusflos.com and in the online store under the name Aureus Flos.

The administrator of the website and personal data provided as part of it is Anna Szumilewicz-Jarmołowicz, who runs unregistered business at gen. Andersa 2F, 42-224 Częstochowa.
I care about the security of personal data and the privacy of the Website User. I’m glad you visit my website.

In case of any doubts or questions regarding this Privacy Policy and Cookies Policy, please contact the Administrator via the e-mail address: studio@aureusflos.com.

The Administrator reserves the right to make changes to the privacy policy, and each User of the website is obliged to know the current privacy policy. The reason for the changes may be the development of internet technology, changes in generally applicable law or the development of the Website, e.g. by the use of new tools by the Administrator. At the bottom of the page you will find the date of publication of the current Privacy Policy.

Administrator – Anna Szumilewicz – Jarmołowicz

User – any entity visiting the website and using it.

Website and / or Online Store – website, blog and online store located at www.aureusflos.com.

Newsletter – means a free service provided electronically by the Administrator to the User by sending e-mails through which the Administrator informs about events, services, products and other elements important from the Administrator’s point of view and / or to implement the Administrator’s legitimate purpose, which is direct marketing. Detailed information on the sending of the Newsletter can be found further in this privacy policy.

User Account or Account – a User account set up on the Store’s online platform, enabling access to the purchased training and products in accordance with the Store Regulations, which the User is obliged to accept when registering the Account.

Form or Forms – places on the Website that allow the User to enter personal data for the purposes indicated therein, e.g. to send a newsletter, to place an order, to contact the User.

GDPR – means Regulation of the European Parliament and of the Council EU 2016/679 from 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation ).
Act on the protection of personal data – the Polish Act from 10 May 2018 on the protection of personal data (Journal of Laws 2018, item 1000, with amendments).

Act on the provision of electronic services – the Polish Act from 18 July 2002 on the provision of electronic services (Journal of Laws No. 144, item 1204, with amendments).

The administrator of the User’s personal data is Anna Szumilewicz – Jarmołowicz

Providing data is voluntary, however, failure to provide certain information, as a rule marked on the Administrator’s websites as mandatory, will result in the inability to perform a given service and achieve a specific goal or take specific actions.

Providing by the User data that are not mandatory or an excess of data that the Administrator does not need to process takes place on the basis of the decision of the User himself and then the processing takes place on the basis of the premise contained in art. 6 point 1-a GDPR (consent). The User gives consent to the processing of this data and to anonymise data that the Administrator does not require and does not want to process, and yet the User has provided them to the Administrator.

The User’s personal data on the Administrator’s Website may be processed for the following purposes and on the following legal grounds:

1. performing a service or contract, sending an offer (e.g. advertising) at the User’s request – pursuant to art. 6 point 1-b GDPR (necessity to conclude and / or perform a contract or take action on request);
2. issuing an invoice, receipt and fulfilling other obligations resulting from the provisions of tax law in the case of placing orders in the Online Store or other products and services – pursuant to art. 6 point 1-c GDPR (obligation resulting from legal provisions);
3. granting a discount or informing about promotions and interesting offers of the Administrator or entities recommended by him – pursuant to art. 6 point 1-a GDPR (consent);
4. storage of unpaid orders – pursuant to art. 6 point 1-f) GDPR (legitimate interest of the administrator);
5. consideration of complaints or claims related to the contract – pursuant to art. 6 point 1-b GDPR (necessity to conclude and / or perform the contract) and pursuant to art. 6 point 1-c GDPR (obligation resulting from legal provisions);
6. establishing, investigating or defending against claims – pursuant to art. 6 point 1-f GDPR (legitimate interest of the administrator);
7. telephone contact in matters related to the provision of the service – pursuant to art. 6 point 1-b GDPR (necessity to conclude and / or perform the contract);
8. telephone contact in order to present an offer and direct marketing – pursuant to art. 6 point 1- a GDPR (consent) and pursuant to art. 6 point1-f GDPR (legitimate interest of the administrator), if you are already my client;
9. creating registers related to the GDPR and other regulations – pursuant to art. 6 point 1-c GDPR (obligation resulting from legal provisions) and art. 6 point 1-f GDPR (legitimate interest of the administrator);
10. archival and evidential, for the purposes of securing information that may be used to prove facts – pursuant to art. 6 point 1-f GDPR (legitimate interest of the administrator);
11. Analytical, consisting, inter alia, in the analysis of data collected automatically when using the website, including cookies, e.g. Google Analytics cookies, Facebook Pixel – pursuant to art. 6 point 1-f GDPR (legitimate interest of the administrator);
12. use of cookies on the Website and its subpages – pursuant to art. 6 point 1-a GDPR (consent)
13. managing the Website and the Administrator’s pages on other platforms – pursuant to art. 6 point 1-f GDPR (legitimate interest of the administrator);
14. satisfaction surveys with the services offered – pursuant to art. 6 point 1-f GDPR (legitimate interest of the administrator),
15. posting by the User an opinion on the services provided by the Administrator – pursuant to art. 6 point1-a GDPR (consent),
16. for the Administrator’s internal administrative purposes related to managing agreement with the User, which is the legitimate interest of the Data Administrator pursuant to art. 6 point 1-f GDPR (legitimate interest of the administrator),
17. in order to send the newsletter – pursuant to art. 6 point 1-f GDPR (legitimate interest of the administrator consisting in the processing of data for direct marketing purposes) and on the basis of the Act on the provision of electronic services (consent),
18. in order to adjust the content displayed on the Administrator’s websites to individual needs and to constantly improve the quality of services offered – pursuant to art. 6 point 1-f GDPR (legitimate interest of the administrator)
19. for direct marketing to the User of own products or services or recommended products of third parties – pursuant to art. 6 point 1-f GDPR (legitimate interest of the administrator),
20. in order to create Users’ databases – pursuant to art. 6 point1-f GDPR (legitimate interest of the administrator),
21. in order to operate the fanpage under the name @aureusflos on Facebook and interact with users – pursuant to art. 6 point 1-f GDPR (legitimate interest of the administrator).
22. to target advertising in social media and on websites, such as Facebook Leads Ads or Facebook Custom Audience, YouTube, and remarketing – pursuant to art. 6 point 1-a GDPR (consent) and pursuant to art. 6 point 1-f GDPR (legitimate interest of the administrator) consisting in the promotion and advertising of the Administrator’s services through remarketing addressed to people subscribed to mailing or visitors to a given website),
23. to store comments on the Website – pursuant to art. 6 point 1-a GDPR (consent).

Only the data that the user provides themselves is collected and processed (except – in certain situations – data collected automatically using cookies and login data, as mentioned below).

When visiting the website, data about the visit itself is automatically collected, e.g. user’s IP address, domain name, browser type, operating system type, etc. (login data). Data collected automatically can be used to analyze user behavior on the website, collect demographic data about users or to personalize the content of the website in order to improve it. However, these data are processed only for the purposes of website administration, ensuring efficient hosting service or directing marketing content and are not associated with the data of individual users. You can read more about cookies later in this policy.

Data may also be collected for the purpose of filling in forms on the Website, as discussed further in the privacy policy.

The administrator does not collect data of children. The user should be over 16 years of age to independently consent to the processing of personal data for the purpose of providing information society services, including for marketing purposes, or obtain the consent of a legal guardian (e.g. a parent).
If the User is under 16 years of age, he / she should not use the www.aureusflos.com website.

The Administrator is entitled to make reasonable efforts to verify whether the user meets the age requirement referred to above, or whether the person exercising parental authority or custody of the User who is under 16 years of age has consented or approved it.

The user is entitled at any time to the rights contained in art. 15-21 of the GDPR, i.e.:

– the right to access the content of his data,,
– the right to data portability,
– the right to correct data,
– the right to rectify data,
– the right to delete data, if there are no grounds for their processing,
– the right to limit the processing, if it was performed incorrectly or without a legal basis,
– the right to object to the processing of data on the basis of the legitimate interest of the administrator,
– the right to lodge a complaint with the supervisory body – the President of the Personal Data Protection Office (on the terms set out in the Personal Data Protection Act), if he considers that the processing of his data is inconsistent with the currently applicable legal provisions on data protection.
– the right to be forgotten if further processing is not provided for by the currently applicable law.

The Administrator points out that these rights are not absolute and do not apply to all processing activities of the User’s personal data. This applies, for example, to the right to obtain a copy of the data. This right may not adversely affect the rights and freedoms of other people, such as, for example, copyrights, professional secrecy. In order to learn about the limitations of the User’s rights, please refer to the GDPR.

However, the user always has the right to lodge a complaint with the supervisory authority.

In order to exercise his rights, the User may contact the Administrator via the e-mail address: studio@aureusflos.com or by post to the address of the Administrator’s place of business, if provided in this privacy policy, indicating the scope of his requests. The answer will be given no later than 30 days from the date of receipt of the request and its justification, unless it is reasonable to extend this period in accordance with the GDPR.

If the User has consented to a specific action, such consent may be withdrawn at any time, which will result in the removal of the e-mail address from the Administrator’s mailing list and cessation of the indicated activities (in the case of subscription based on consent). Withdrawal of consent does not affect the processing of data which was carried out on the basis of consent before its withdrawal.

In some cases, the data may not be completely erased and will be retained in order to defend against possible claims for a period consistent with the provisions of the Civil Code or, for example, to fulfill legal obligations imposed on the Administrator.

Each time, the Administrator will refer to the User’s request, adequately justifying further actions resulting from legal obligations.

The User’s data may be transferred outside the European Union – to third countries.

Due to the fact that the Administrator uses external providers of various services, e.g. Facebook and subsidiaries, Google, Microsoft, etc., the User’s data may be transferred to the United States of America (USA) in connection with their storage on American servers (in whole or in part ). Google and Facebook use the compliance mechanisms provided for by the GDPR (e.g. certificates) or standard contractual clauses for their services. They will be transferred only to recipients who guarantee the highest protection and data security, including through:

a) cooperation with entities processing personal data in countries for which a relevant decision of the European Commission has been issued,
b) the use of standard contractual clauses issued by the European Commission (as is the case, for example, in the case of Google),
c) application of binding corporate rules approved by the competent supervisory authority,

or that for the transfer of personal data which the User has consented to.

Detailed information is available in the content of the privacy policy of each of the providers of these services, available on their websites. For example:

Google LLC: https://policies.google.com/privacy?hl=pl

Facebook Ireland Ltd.: https://www.facebook.com/privacy/explanation

Currently, the services offered by Google and Facebook are provided mainly by entities located in the European Union. You should, however, always read the privacy policy of these providers in order to receive up-to-date information on the protection of personal data.

The User’s data will be stored by the Administrator for the duration of individual services / goals achievement and:

a) for the period of service and cooperation, as well as for the period of limitation of claims in accordance with the law – in relation to data provided by contractors and clients or Users,
b) for the duration of the talks and negotiations preceding the conclusion of the contract or the performance of the service – in relation to the data provided in the request for quotation,
c) for the period required by law, including tax law – in relation to personal data related to the fulfillment of obligations under applicable law,
d) until the objection submitted pursuant to Art. 21 GDPR – in relation to personal data processed on the basis of the legitimate interest of the administrator, including for the purposes of direct marketing,
e) until the consent is withdrawn or the purpose of processing or business purpose is achieved – in relation to personal data processed on the basis of consent. After the consent is withdrawn, the data may still be processed in order to defend against possible claims in accordance with the limitation period for these claims or the (shorter) period indicated to the User,
f) until they become obsolete or lose their usefulness – in relation to personal data processed mainly for analytical and statistical purposes, the use of cookies and the administration of the Administrator’s Pages,
g) for a maximum period of 3 years in the case of people who unsubscribed from the newsletter in order to defend against possible claims (e.g. information about the date of subscription and date of unsubscribing from the newsletter, the number of newsletters received, actions taken and activity related to the received messages) , or after a period of 1 year of inactivity by a given subscriber, e.g. failure to open any message from the Administrator.

Data storage periods indicated in years are counted at the end of each year in which data processing has started. This is to improve the data processing and management process.

Detailed periods of personal data processing, regarding individual processing activities, can be found in the Administrator’s register of processing activities.

Links to other websites may appear on the Website. They will open in a new browser window or the same window. The administrator is not responsible for the content provided by these websites. The user is obliged to read the privacy policy or the regulations of these websites.

All the Lorem Ipsum generators on the Internet tend to repeat predefined chunks as necessary, making this the first true generator on the Internet. It uses a dictionary of over 200 Latin words, combined with a handful of model sentence structures, to generate.

All the Lorem Ipsum generators on the Internet tend to repeat predefined chunks as necessary, making this the first true generator on the Internet. It uses a dictionary of over 200 Latin words, combined with a handful of model sentence structures, to generate.