This Privacy Policy sets out the rules for the processing of personal data obtained through the website massagepersonalne.pl (hereinafter: the “Website”).
The owner of the website and at the same time the data administrator is Kore Goteborg AB, NIP: 19559275692701, hereinafter referred to as the Administrator.
Personal data collected by the Administrator via the Website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation), also known as GDPR.
The Administrator takes special care to respect the privacy of customers visiting the Website.

1 Type of data processed, purposes and legal basis
The administrator collects information on natural persons performing legal transactions not directly related to their activities, natural persons conducting business or professional activity on their own behalf and natural persons representing legal persons or organizational units that are not legal persons, to whom the law grants legal capacity, conducting business activity on their own behalf. or professional, hereinafter jointly referred to as the Customers.
Customers’ personal data is collected in the case of:

using the contact form service on the Website in order to perform the contract provided electronically. Legal basis: necessity to perform the contract for the provision of the contact form service (Article 6 (1) (b) of the GDPR)

When using the contact form service, the Customer provides the following data:

– e-mail adress

– name

– Phone number

When using the Website, additional information may be downloaded, in particular: the IP address assigned to the Customer’s computer or the external IP address of the Internet provider, domain name, browser type, access time, type of operating system.
Navigational data may also be collected from customers, including information about links and links in which they decide to click or other activities undertaken on the Website. Legal basis – a legitimate interest (Article 6 (1) (f) of the GDPR), consisting in facilitating the use of services provided electronically and improving the functionality of these services.
The transfer of personal data to the Administrator is voluntary.

2 Who is the data shared or entrusted to and how long is it stored?
The Customer’s personal data is provided to service providers used by the Administrator when running the Website. Service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, or are subject to the Administrator’s instructions as to the purposes and methods of data processing (processors) or independently define the purposes and methods of their processing (administrators).

1.1. Processors. The Administrator uses suppliers who process personal data only at the Administrator’s request. They include, among others providers providing hosting services, accounting services, providing marketing systems, systems for analyzing traffic on the Website, systems for analyzing the effectiveness of marketing campaigns

1.2. Administrators. The administrator uses suppliers who do not act solely on the instructions and set the goals and methods of using the clients’ personal data themselves. They provide electronic payment and banking services.

Location. Service providers are based mainly in Poland and other countries of the European Economic Area (EEA).
Customers’ personal data is stored:

3.1. If the basis for the processing of personal data is consent, the Customer’s personal data are processed by the Administrator until the consent is revoked, and after the consent is revoked for a period of time corresponding to the period of limitation of claims that may be raised by the Administrator and which may be raised against him. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business – three years.

3.2. If the basis for data processing is the performance of the contract, then the Customer’s personal data is processed by the Administrator as long as it is necessary to perform the contract, and after that time for a period corresponding to the period of limitation of claims. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business – three years.

In the event of a request, the Administrator provides personal data to authorized state authorities, in particular to organizational units of the Prosecutor’s Office, Police, and the President of the Office for Data Protection.

h Personal Data, the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications.

3 Cookies mechanism, IP address
The website uses small files called cookies. They are saved by the Administrator on the end device of the person visiting the Website, if the web browser allows it. A cookie file usually contains the name of the domain it comes from, its “expiry time” and an individual, randomly selected number identifying this file. Information collected using this type of file helps to adjust the products offered by the Administrator to the individual preferences and real needs of visitors to the Website. .
The administrator uses two types of cookies:

2.1. Session cookies: after the end of a browser session or turning off the computer, the saved information is deleted from the device’s memory. The mechanism of session cookies does not allow the collection of any personal data or any confidential information from clients’ computers.

2.2. Persistent cookies: they are stored in the memory of the Customer’s end device and remain there until they are deleted or expired. The persistent cookies mechanism does not allow the collection of any personal data or any confidential information from the clients’ computer.

The administrator uses own cookies for the purpose of:

3.1. analysis and research as well as audience audit, in particular to create anonymous statistics that help to understand how Customers use the Website, which allows improving its structure and content.

The administrator uses external cookies for the purpose of:

4.1. presenting on the information pages of the Website, a map showing the location of the Administrator’s office, using the maps.google.com website (external cookie administrator: Google Inc. based in the USA)

The cookie mechanism is safe for the computers of customers visiting the website. In particular, it is not possible for viruses or other unwanted software or malicious software to enter the Customers’ computers in this way. However, in their browsers, customers have the option to limit or disable the access of cookies to computers. If you use this option, the use of the Website will be possible, except for functions which, by their nature, require cookies.
The administrator may collect IP addresses of clients. An IP address is a number assigned to the computer of a website visitor by an internet service provider. The IP number allows you to access the Internet. In most cases, it is assigned dynamically to the computer, i.e. it changes every time you connect to the Internet and therefore is commonly treated as non-personal identifying information. The IP address is used by the Administrator when diagnosing technical problems with the server, creating statistical analyzes (e.g. determining from which regions we record the most visits), as information useful in administering and improving the Website, as well as for security purposes and possible identification of burdening the server, unwanted automatic programs for viewing the content of the Website.

4 Rights of data subjects
The right to withdraw consent – legal basis: art. 7 sec. 3 GDPR.

1.1. The customer has the right to withdraw any consent he has given

1.2. Withdrawal of consent takes effect from the moment the consent is withdrawn.

1.3. Withdrawal of consent does not affect the processing carried out by the Administrator in accordance with the law before its withdrawal.

1.4. Withdrawal of consent does not entail any negative consequences for the Customer, but it may prevent further use of services or functionalities that, according to the law, may be provided by the Administrator only with consent.

The right to object to data processing – legal basis: art. 21 GDPR.

2.1. The customer has the right to object at any time – for reasons related to his particular situation – to the processing of his personal data, including profiling, if the Administrator processes his data based on a legitimate interest, e.g. marketing of the Administrator’s products and services, keeping statistics of use individual functionalities of the Website and facilitating the use of the Website, as well as a satisfaction survey.

2.2. Resignation in the form of an e-mail from receiving marketing messages regarding products or services will mean the Customer’s objection to the processing of his personal data, including profiling for these purposes.

2.3. If the Customer’s objection turns out to be justified, the Administrator will have no other legal basis to process personal data, the Customer’s personal data will be deleted, against the processing of which the Customer has objected.

The right to delete data (“the right to be forgotten”) – legal basis: art. 17 GDPR.

3.1. The customer has the right to request removal