Privacy policy

  1. This Privacy Policy sets out the rules for processing personal data obtained through the website artofhealingclinic.com, hereinafter referred to as the “Website.”

  2. The owner of the website and the Data Controller is Ewelina Makiela, hereinafter referred to as the Administrator.

  3. The personal data collected by the Administrator via the Website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR.

  4. The Administrator takes special care to respect the privacy of the clients visiting the Website.

 

§ 1 Types of Data Processed, Purposes, and Legal Basis

  1. The Administrator collects information regarding natural persons performing a legal action not directly related to their activity, natural persons conducting business or professional activity on their own behalf, and natural persons representing legal persons or organizational units not being legal persons, which are granted legal capacity by law, conducting business or professional activity on their own behalf, hereinafter collectively referred to as Clients.

  2. Clients’ personal data are collected in the following cases:

    • Using the contact form service on the Website to execute a contract provided electronically. Legal basis: the necessity to execute the contract for the provision of the contact form service (Article 6(1)(b) GDPR).

  3. When using the contact form service, the Client provides the following data:

    • Email address
    • Name
    • Phone number

  4. Additional information may be collected during the use of the Website, in particular: the IP address assigned to the Client’s computer or an external IP address of the Internet provider, domain name, browser type, access time, and operating system type.

  5. Navigation data may also be collected from Clients, including information about the links and references they decide to click or other activities undertaken on the Website. Legal basis: the legitimate interest (Article 6(1)(f) GDPR), which involves facilitating the use of services provided electronically and improving the functionality of these services.

  6. Providing personal data to the Administrator is voluntary.

 

§ 2 To Whom the Data Is Disclosed or Entrusted, and How Long It Is Stored

  1. Clients’ personal data are transferred to service providers used by the Administrator in the operation of the Website. Service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, either follow the Administrator’s instructions regarding the purposes and means of processing the data (processors) or determine the purposes and means of processing the data themselves (controllers).

    1.1. Processors. The Administrator uses service providers who process personal data solely based on the Administrator’s instructions. These include providers of hosting services, accounting services, marketing systems, website traffic analysis systems, and marketing campaign effectiveness analysis systems.

    1.2. Controllers. The Administrator uses service providers who do not act solely on instructions and who determine the purposes and means of processing Clients’ personal data themselves. They provide electronic payment services and banking services.

  2. Location. Service providers are primarily located in Poland and other countries within the European Economic Area (EEA).

  3. Clients’ personal data are stored:

    3.1. If the basis for processing personal data is consent, then the Client’s personal data are processed by the Administrator as long as the consent is not revoked, and after revocation, for a period corresponding to the statute of limitations for claims that the Administrator may assert and that may be asserted against the Administrator. If a specific provision does not provide otherwise, the limitation period is six years, and for periodic claims and claims related to conducting business activities – three years.

    3.2. If the basis for processing personal data is the performance of a contract, then the Client’s personal data are processed by the Administrator as long as it is necessary to perform the contract, and after that time for a period corresponding to the statute of limitations for claims. If a specific provision does not provide otherwise, the limitation period is six years, and for periodic claims and claims related to conducting business activities – three years.

  4. If requested, the Administrator discloses personal data to authorized state authorities, in particular to organizational units of the Prosecutor’s Office, Police, the President of the Office for Personal Data Protection, the President of the Office of Competition and Consumer Protection, or the President of the Office of Electronic Communications.

 

§ 3 Cookies Mechanism, IP Address

  1. The Website uses small files called cookies. They are saved by the Administrator on the end device of the person visiting the Website, provided the web browser allows it. A cookie file usually contains the name of the domain it comes from, its “expiration time,” and a randomly selected unique number identifying this file. The information collected using this type of file helps to adjust the products offered by the Administrator to the individual preferences and actual needs of people visiting the Website.

  2. The Administrator uses two types of cookies:

    2.1. Session cookies: after the end of a given browser session or after turning off the computer, the saved information is deleted from the device’s memory. The session cookies mechanism does not allow for the collection of any personal data or confidential information from the Clients’ computers.

    2.2. Persistent cookies: they are stored in the memory of the Client’s end device and remain there until they are deleted or expired. The persistent cookies mechanism does not allow for the collection of any personal data or confidential information from the Client’s computer.

  3. The Administrator uses its own cookies for:

    3.1. Analysis and research as well as audience audits, in particular, to create anonymous statistics that help understand how Clients use the Website, which allows for improving its structure and content.

  4. The Administrator uses external cookies for:

    4.1. Presenting, on the informational pages of the Website, a map showing the location of the Administrator’s office using the online service maps.google.com (administrator of the external cookies: Google Inc., based in the USA).

  5. The cookies mechanism is safe for the computers of the Clients visiting the Website. In particular, it is not possible for viruses or other unwanted software or malware to enter the Clients’ computers through this method. However, Clients have the option in their browsers to limit or disable the access of cookie files to their computers. If this option is used, the use of the Website will be possible, except for functions that by their nature require cookies.

  6. The Administrator may collect Clients’ IP addresses. The IP address is a number assigned to the computer of the person visiting the Website by the Internet service provider. The IP number allows access to the Internet. In most cases, it is assigned dynamically, i.e., it changes with each connection to the Internet and for this reason, it is generally considered non-personal identifying information. The Administrator uses the IP address to diagnose technical problems with the server, create statistical analyses (e.g., to determine from which regions we receive the most visits), as information useful for administering and improving the Website, and for security purposes and possible identification of undesirable automated programs for browsing the Website content.

 

§ 4 Rights of Individuals Whose Data Are Processed

  1. Right to withdraw consent – legal basis: Article 7(3) GDPR.

    1.1. The Client has the right to withdraw any consent they have given.

    1.2. Withdrawal of consent is effective from the moment of withdrawal.

    1.3. Withdrawal of consent does not affect the processing carried out by the Administrator in accordance with the law before its withdrawal.

    1.4. Withdrawal of consent does not entail any negative consequences for the Client, but it may prevent further use of services or functionalities that, according to the law, the Administrator may provide only with consent.

  2. Right to object to data processing – legal basis: Article 21 GDPR.

    2.1. The Client has the right to object at any time – for reasons related to their particular situation – to the processing of their personal data, including profiling, if the Administrator processes their data based on a legitimate interest, e.g., marketing of the Administrator’s products and services, conducting statistics on the use of individual functionalities of the Website, and facilitating the use of the Website, as well as satisfaction surveys.

    2.2. Opting out of receiving marketing communications regarding products or services in the form of an email will mean that the Client objects to the processing of their personal data, including profiling, for these purposes.

    2.3. If the Client’s objection is justified, and the Administrator has no other legal basis for processing personal data, the Client’s personal data against which the Client has objected will be deleted.

  3. Right to erasure of data (“right to be forgotten”) – legal basis: Article 17 GDPR.

    3.1. The Client has the right to request the erasure of all or some of their personal data.

    3.2. The Client has the right to request the erasure of personal data if:

    3.2.1. Personal data are no longer necessary for the purposes for which they were collected or processed.

    3.2.2. The Client has withdrawn their consent to the extent that personal data were processed based on consent.

    3.2.3. The Client has objected to the use of their data for marketing purposes.

    3.2.4. Personal data are processed unlawfully.

    3.2.5. Personal data must be deleted to comply with a legal obligation under European Union law or the law of a Member State to which the Administrator is subject.

    3.3. Despite the request to delete personal data, in connection with the objection or withdrawal of consent, the Administrator may retain certain personal data to the extent that processing is necessary to establish, assert, or defend claims, as well as to fulfill a legal obligation requiring processing under European Union law or the law of a Member State to which the Administrator is subject. This applies in particular to personal data including, but not limited to, the transaction history and the payment history.

  4. Right to restrict data processing – legal basis: Article 18 GDPR.

    4.1. The Client has the right to demand that the processing of their personal data be restricted. Submitting a request, until it is processed, prevents the use of certain functionalities or services, the use of which will entail the processing of data covered by the request. The Administrator will not send any messages, including marketing ones.

    4.2. The Client has the right to request the restriction of the use of personal data in the following cases:

    4.2.1. When the accuracy of the Client’s personal data is contested, the Administrator will restrict the use of the data for the time necessary to verify their accuracy, but no longer than for 7 days.

    4.2.2. When the processing of data is unlawful, and instead of deleting the data, the Client requests the restriction of their use.

    4.2.3. When the personal data is no longer necessary for the purposes for which they were collected or used, but they are needed by the Client to establish, assert, or defend claims.

    4.2.4. When the Client has objected to the use of their data. Then, the restriction occurs for the time necessary to consider whether – due to the particular situation – the protection of the interests, rights, and freedoms of the Client outweighs the interests pursued by the Administrator when processing the Client’s personal data.

  5. Right of access to data – legal basis: Article 15 GDPR.

    5.1. The Client has the right to obtain from the Administrator confirmation whether their personal data is being processed.

    5.2. If the Administrator processes the Client’s personal data, the Client has the right to:

    5.2.1. Access their personal data.

    5.2.2. Obtain information about the purposes of the processing, the categories of processed personal data, the recipients or categories of recipients of this data, the planned period of storage of the Client’s data, or the criteria for determining this period (when determining the planned period of data processing is not possible), the Client’s rights under GDPR, the right to lodge a complaint with the supervisory authority, the source of this data, the automated decision-making process, including profiling, and the security measures used in connection with the transfer of this data outside the European Union.

    5.2.3. Obtain a copy of their personal data.

  6. Right to data portability – legal basis: Article 20 GDPR.

    6.1. The Client has the right to receive their personal data, which they have provided to the Administrator, and then send it to another personal data controller of their choice. The Client also has the right to request that their personal data be sent directly by the Administrator to such a controller if technically feasible. In this case, the Administrator will send the Client’s personal data in the form of a CSV file, which is a commonly used, machine-readable format that allows the data received to be sent to another personal data controller.

  7. In the case of the Client having the right to raise a claim based on the above-mentioned rights, the Administrator fulfills the request or refuses to comply with it without undue delay, but no later than one month after receiving it. However, if – due to the complexity of the request or the number of requests – the Administrator cannot meet the request within a month, the Administrator will meet it within the next two months, informing the Client in advance of the intended extension and its reasons.

  8. The Client may submit complaints, inquiries, and requests to the Administrator regarding the processing of their personal data and the exercise of their rights.

  9. The Client has the right to request the Administrator to provide copies of the standard contractual clauses by making a request in the manner indicated in §6 of the Privacy Policy.

  10. The Client has the right to lodge a complaint with the President of the Office for Personal Data Protection regarding the violation of their rights to the protection of personal data or other rights granted under GDPR.

 

§ 5 Changes to the Privacy Policy

  1. The Privacy Policy may change, of which the Administrator will inform Clients 7 days in advance.

  2. Questions related to the Privacy Policy should be sent to: ewelina.makiela@gmail.com.

  3. The date of the last modification: 09.09.2024r.