1. Definitions

Administrator - Krzysztof Teysler, conducting business activity on the basis of an entry in the register of business activity under the name Novoderm Group , based at Inflancka 13/4, 91-857 Łódź, holding REGON: 360640054 and NIP: 773-230-70-78.

RODO - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.

Service - the website operated by the Administrator at the address: https://www.novoderm.pl

User - any natural person visiting the Website or using one or more of the services or functionalities described in the Policy.

2. Data processing

In connection with the User's use of the Website, the Administrator collects data
to the extent necessary for the provision of individual services. The detailed principles and purposes of the processing of personal data collected during the User's use of the Website are described below.

3. Aims and legal bases of data processing

• in order to provide services electronically in terms of providing Users with access to content collected on the Website, handling User queries - in which case the legal basis for processing is the necessity of processing for the performance of the contract (Article 6(1)(b) RODO);
• for analytical and statistical purposes, in which case the legal basis for the processing is the legitimate interest of the Administrator (Article 6(1)(f) RODO), consisting of conducting analyses of Users' activities,
  and their preferences in order to improve the applied functionalities
  and services provided;
• for the purpose of possibly establishing, pursuing or defending against claims - the legal basis for the processing is the legitimate interest of the Administrator (Article 6(1)(f) RODO) to protect your rights;

The User's activity on the Website, including his/her personal data, are recorded in system logs (a special computer programme used to store a chronological record containing information on events and activities concerning the IT system used to provide services by the Administrator). The information collected in the logs is processed primarily for purposes related to the provision of services. The Administrator also processes them for technical, administrative purposes, for the purposes of ensuring the security of the IT system and the management of this system, as well as for analytical and statistical purposes - in this regard, the legal basis for processing is the Administrator's legitimate interest (Article 6(1)(f) RODO).

4. Cookies

The Administrator's website uses "cookies". By not changing the browser settings on the Reader's side, you consent to their use. They are short text information stored on the User's computer, phone, tablet or other device. They can be read by the Administrator, as well as by systems belonging to other entities whose services it uses (such as Google). Cookies usually contain the name of the website from which they originate, the length of time they are stored on the end device and a unique number. For more information on cookies, please visit www.allaboutcookies.org.

The cookies used on the website do not store personal data or other information collected from the Reader. The website uses a cookie to identify the browser session, which enables the use of the website features. The use of cookies does not allow the collection of any personal or address information of the Reader or any confidential information from the Reader's computer.

Cookies are used for the following purposes: maintaining the security of the service and preventing fraud, facilitating website performance, recording visits for marketing and statistical purposes, using social features, supporting website personalisation (e.g. storing language settings). Cookies may also be used and placed by partners cooperating with the Administrator - they are then subject to the cookie policies or privacy policies of the entities placing them.

The administrator reserves the right to use the Google Tag Manager tool for marketing purposes. This involves the use of Google cookies, for example Google Ads codes.

The scope and purpose of data collection and how you can contact us and exercise your rights or privacy settings are described in the privacy policies of the individual service providers..

By default, your web browser allows the use of cookies
on your device. The Administrator informs you that you can change the settings in your Internet browser - completely block the automatic handling of cookies or request to be notified each time cookies are placed on your device.

If using Google Chrome, instructions can be found here - https://support.google.com/chrome/answer/95647?hl=en

If using Mozilla Firefox, instructions can be found here - https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer

If using Safari, instructions can be found here - https://support.apple.com/kb/ph21411?locale=pl_PL

If using Microsoft Edge, instructions can be found here -. https://docs.microsoft.com/en-us/microsoft-edge/devtools-guide/debugger/cookies

If Internet Explorer is used, the Administrator suggests changing the tool to one of the above, and furthermore instructions can be found here -. https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

The Administrator feels obliged to warn you that disabling or restricting the use of cookies may cause difficulties in using the website
and limit its functionality.

5. Processing of User Data.

Beyond the EEA: In view of the fact that some entities cooperating with the Controller are based outside the European Union and are therefore considered so-called third countries under the provisions of the RODO. The Controller ensures that the entities have undertaken to ensure adequate protection of personal data.

For Google Inc. The data collected makes it impossible to identify any specific individual, and more information about the tool's privacy standards is available at the link www.google.com/intl/en/policies/privacy/partners/. In addition, using the following link: https://tools.google.com/dlpage/gaoptout It is possible to switch off the activity measured by Google Analytics .

For Facebook Inc. -Collected data in principle prevents the identification of a specific person, and more information about the tool's privacy standards is available at the link https://developers.facebook.com/docs/privacy/

Thus, the above companies guarantee compliance with data protection standards and the Administrator's use of the
of their technology when processing personal data is lawful.

6. Period of processing of personal data

The period of data processing by the Administrator depends on the type of service provided and the purpose of the processing. As a general rule, the data are processed for the duration of the service provided or the execution of the order, until the withdrawal of the consent given or until an effective objection to the data processing is made in cases where the legal basis of the data processing is the legitimate interest of the Administrator.

The processing period may be extended if the processing is necessary for the establishment, assertion or defence of possible claims, and thereafter only if and to the extent required by law. After the expiry of the processing period, the data shall be irreversibly deleted or anonymised.

7. User rights

The user is entitled to:

1. access to the content of the data and to request the rectification of the data,
2. deletion of data,
3. limitation of processing,
4. the right to data portability,
5. The right to object to the processing,
6. the right to lodge a complaint to the supervisory authority - the President of the Office for Personal Data Protection ul. Stawki 2, 00-193 Warsaw

To the extent that your data is processed on the basis of your consent, you may withdraw it at any time by contacting the Administrator.

The User has the right to object to the processing of data for marketing purposes if the processing is carried out in connection with the legitimate interest of the Controller and, for reasons related to the User's particular situation.
in other cases where the legal basis for the processing is the legitimate interest of the Controller (e.g. in connection with the fulfilment of analytical and statistical purposes).

8. Recipients of data

In connection with the provision of services, personal data will be disclosed to external entities, including in particular suppliers responsible for the operation of IT systems, marketing agencies (for marketing services) and entities related to the Administrator.

If the User's consent is obtained, his or her data may also be made available to other entities for their own purposes, including marketing purposes.

The Administrator reserves the right to disclose selected information concerning the User to the competent authorities or to third parties who make a request for such information on the basis of an appropriate legal basis and in accordance with the provisions of the applicable law.

9. Contact

Contact with the Administrator is possible at the following e-mail address kteysler@gmail.com

10. Changes to the Privacy Policy

The Policy is kept under review and updated as necessary. The current version of the Policy has been adopted and is effective from 21.04.2021