Privacy Policy

 

§1

GENERAL PROVISIONS

 

  1. This document sets out the Privacy Policy of the Mobile Photo Kiosk website operating at mobilephotokiosk.app, operated by Pixel-Tech Spółka Jawna Pytowski i Kubarek, based at 6A Laski Street, 41-303 Dąbrowa Górnicza. The Company is registered in the Register of Entrepreneurs of the National Court Register (VIII Economic Department - KRS of the District Court Katowice-Wschód in Katowice) under KRS number: 0000358467. Pixel-Tech Sp. J. is registered under REGON number: 240352530 and NIP number: 6443287239. which, in particular, includes regulations on personal data protection and security of other data entered on the Website by the User.
  2. The Privacy Policy is an integral appendix to the Terms & Conditions of the Mobile Photo Kiosk website.

 

§2

DEFINITIONS

 

Terms used in this document mean:

 

  1. Administrator of personal data (also referred to as the Administrator) - Pixel-Tech Spółka Jawna Pytowski i Kubarek, based at 6A Laski Street, 41-303 Dąbrowa Górnicza. The company is registered in the Register of Entrepreneurs of the National Court Register (VIII Economic Department - KRS of the District Court Katowice-Wschód in Katowice) under KRS number: 0000358467. Pixel-Tech Sp. J. is registered under REGON number: 240352530 and NIP number: 6443287239.
  2. Service - the website at mobilephotokiosk.app and all its sub-sites.
  3. User - an individual who uses the Service and provides personal information within it.
  4. Personal data - information about a natural person identified or identifiable by one or more specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity, including image, voice recording, contact data, location data, information contained in correspondence, information collected through recording equipment or other similar technology.
  5. RODO - Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
  6. Terms & Conditions – Terms & Conditions of the Mobile Photo Kiosk website operating at mobilephotokiosk.app.

 

§3

PERSONAL DATA PROTECTION

 

  1. The Administrator is the controller of personal data within the meaning of the RODO.
  2. The Administrator collects and processes personal data in accordance with the relevant laws, including in particular the RODO, and in accordance with the principles provided for in these laws.
  3. The Administrator informs about the processing of data at the time of collection. The Administrator processes data to the extent, time and purposes each time indicated in the content provided under the forms used to collect personal data from the User.
  4. The Administrator transfers Personal Data only to the Administrator's trusted subcontractors, i.e. suppliers responsible for the operation of IT systems, entities such as banks and payment operators, entities providing accounting services, legal services, marketing agencies (to the extent of marketing services), entities providing other IT and software services.
  5. The Administrator, at the request and with the express consent of the User, transfers the User's personal data to a third party with whom the User has entered into an agreement through the Service. Personal data are transferred to the extent and for the purpose necessary to provide the subject matter of the agreement concluded between the User and the third party.
  6. The Administrator shall have the right to transfer selected User Personal Data to competent authorities and third parties if such necessity arises from applicable laws and when such entities make a request for such data based on an appropriate legal basis.
  7. The Administrator shall ensure the security of the processed Personal Data and its confidentiality, and shall allow the User access to information on data processing. If, despite the security measures in place, a breach of the protection of Personal Data occurred (e.g., a "leak" of data or loss of data) and such a breach could cause a high risk of infringement of the User's rights or freedoms, the Administrator shall inform the User of such an event in a manner consistent with the regulations.
  8. The user can contact the data controller. The contact details are as follows:

Mailing address:

Pixel-Tech Sp. J., Laski 6A, 41-303 Dabrowa Gornicza, Poland,

Email address:

gdpr@pixel-tech.eu

Phone number:

+48 32 291 50 19

 

§4

SECURITY OF PERSONAL DATA

 

  1. The Administrator uses all technical and organizational possibilities available to it to ensure the security of the User's personal data and protect it from accidental or intentional destruction, accidental loss, modification, unauthorized disclosure or access. Users' personal data is stored and processed on high-security servers, with appropriate security measures, meeting the requirements of Polish law.
  2. Entrusted data is stored on top-of-the-line equipment and servers in properly secured information storage centers, to which only authorized persons have access.
  3. The Administrator shall carry out personal data processing activities in compliance with all legal and technical requirements imposed on him by the regulations on personal data protection. The Administrator shall analyze on an ongoing basis the risks associated with its processing of personal data and ensure that only authorized persons have access to the data and only to the extent necessary to perform their duties.
  4. The Administrator shall take all necessary measures to ensure that its subcontractors and other cooperating entities also provide guarantees to apply appropriate security measures whenever they process Personal Data on behalf of the Administrator.
  5. The Administrator undertakes to keep security copies containing the User's personal data.

 

§5

USER RIGHTS

 

  1. If personal information changes, the User should update it by editing the data in the User's account.
  2. The user has the following rights:
    1. The right to information about the processing of Personal Data,
    2. The right to obtain a copy of the Personal Data that the Administrator processes,
    3. The right to rectify Personal Data,
    4. The right to erasure of Personal Data (on this basis, you can request erasure of data, the processing of which is no longer necessary to carry out any of the purposes for which they were collected),
    5. The right to restrict the processing of Personal Data,
    6. The right to portability of Personal Data,
    7. The right to object to the processing of Personal Data for marketing purposes (You may object to the processing of Personal Data for marketing purposes at any time, without having to justify such objection),
    8. The right to object to other purposes of data processing (the User may object at any time - for reasons related to his/her particular situation - to the processing of Personal Data that is carried out on the basis of the legitimate interests of the Administrator; such objection requires a justification),
    9. The right to withdraw consent, if the Personal Data is processed on the basis of the consent given (withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal),
    10. The right to complain to the supervisory authority for the processing of Personal Data, which has jurisdiction over the User's habitual residence, place of work or place where the alleged violation was committed. In Poland, the supervisory authority is the President of the Office for Personal Data Protection.
  3. The Administrator may refuse to delete the User's personal data if the preservation of personal data is necessary due to an obligation imposed on the Administrator by law.
  4. The User has the right to submit a request for the exercise of his/her rights indicated above by letter or electronic means (e-mail). The Administrator's contact details are indicated in § 3 section 7.
  5. If, based on the request referred to in paragraph 4, the Administrator is unable to determine and identify the natural person to whom the request pertains, it will ask the applicant for additional information. Failure to provide additional information will result in refusal to comply with the applicant's request.
  6. The Administrator shall respond to the request within one month of its receipt. If it is necessary to extend this period, the Administrator shall inform the requester of the reasons for it and the expected date for responding to the request.

 

§6

BASIS, PURPOSE AND STORAGE PERIOD OF PERSONAL DATA

 

  1. Personal data is processed for the following purposes and on the following grounds:
    1. Use of the Service:

Personal data of all persons using the Website (including IP address or other identifiers and information collected through cookies or other similar technologies), are processed by the Administrator for the purpose of:

      1. Provision of services by electronic means (legal basis: necessity of processing for performance of the contract - Article 6(1)(b) RODO),
      2. for analytical and statistical purposes (legal basis: consent - Article 6(1)(a) RODO),
      3. Establish and pursue claims or defend against claims (legal basis: the Administrator's legitimate interest - Article 6(1)(f) RODO, which is to protect the Administrator's rights).
    1. Registration on the Website, order form, conclusion of contract:

In order to establish, operate and maintain a User Account, the User is asked to provide the Personal Data indicated in the registration form. Providing the data is not mandatory, but refusal to provide it results in the inability to establish a User Account. In order to place an order on the Website, the User is asked to provide the Personal Data indicated in the order form. Providing the data is not mandatory, but refusal to provide it results in the inability to place an order. The Personal Data indicated by the User is processed by the Administrator in order to:

      1. Provision of services by electronic means (legal basis: necessity of processing for performance of the contract - Article 6(1)(b) RODO),
      2. for analytical and statistical purposes (legal basis: consent - Article 6(1)(a) RODO),
      3. Establish and pursue claims or defend against claims (legal basis: the Administrator's legitimate interest - Article 6(1)(f) RODO, which is to protect the Administrator's rights).
    1. Newsletter, push messages and SMS/MMS marketing service:

Users who have requested the Administrator to do so receive e-mail, push messages, SMS or MMS messages with advertising content. Subscribing to the Newsletter, push messages and SMS/MMS marketing services involves providing the Administrator with the User's Personal Data. Providing the data is not mandatory, but refusal to provide it results in the impossibility of providing the Newsletter service, push messages and SMS/MMS marketing services. The Personal Data indicated by the User is processed by the Administrator in order to:

      1. Provision of services by electronic means (legal basis: necessity of processing for performance of the contract - Article 6(1)(b) RODO - in the scope of data necessary for sending Newsletter, sending push messages, SMS and MMs, in the scope of optional data legal basis: consent - Article 6(1)(a) RODO),
      2. for analytical and statistical purposes (legal basis: consent - Article 6(1)(a) RODO),
      3. Establish and pursue claims or defend against claims (legal basis: the Administrator's legitimate interest - Article 6(1)(f) RODO, which is to protect the Administrator's rights),
      4. for the Administrator's marketing purposes - targeting via Newsletter, MMS and SMS marketing content, (legal basis: the Administrator's legitimate interest - Article 6(1)(f) RODO - dictated by the User's consent to use the Newsletter service, push messages and SMS/MMS marketing).
    1. Marketing

The Administrator processes the Users' Personal Data in order to carry out marketing activities, which may consist, in particular, in displaying to the User marketing content corresponding to the User's interests or sending commercial information by electronic means for purposes related to direct marketing of goods and services. In this case, the User's Personal Data is processed by the Administrator on the basis of the User's consent (Article 6(1)(a) of the RODO), which may be withdrawn. Realization of the Administrator's marketing purposes may be carried out through profiling, consisting of automatic processing of Personal Data and its evaluation in order to analyze the User's behavior and create a forecast for the future, which is sued for displaying to the User content in accordance with the User's individual preferences and interests.

    1. Contact form, traditional and electronic correspondence (e-mail)

The User may address messages to the Administrator using e-mail using the Administrator's contact information available on the Site, the Terms of Use or this Privacy Policy, as well as through the contact form available on the Site. Personal Data contained in such correspondence is used by the Administrator solely for the purpose of communication and settlement of the matter to which the correspondence relates. The basis for the processing of the Data is the legitimate interest of the Administrator - Article 6(1)(f) of the DPA - which consists in maintaining the correspondence addressed to it in connection with its business activities, and in the case of contact related to the services provided or a contract - the necessity of the processing to perform the contract - Article 6(1)(b) of the DPA.

    1. Phone contact

The User may contact the Administrator by telephone for purposes related to the services provided or the agreement concluded, as well as for other matters. In the case of telephone contact in matters not related to the concluded agreement or provided services, the Administrator may require the User to provide Personal Data only if it is necessary to handle the reported matter. The legal basis for the processing of Personal Data is the legitimate interest of the Administrator - Article 6(1)(f) of the RODO - consisting of the necessity to resolve the reported matter related to its business activity, and in the case of contact related to the services provided or the contract - the necessity of processing to perform the contract - Article 6(1)(b) of the RODO.

    1. Social media profiles

The Administrator has its profiles on social media (including Facebook). The Administrator processes Personal Data left by persons responding to the profiles, e.g. comments or web IDs. The Administrator uses this data in order to effectively run the profiles, enable activity on these profiles, as well as for analytical or statistical purposes. The legal basis for the processing of Personal Data is the legitimate interest of the Administrator - Article 6(1)(f) of the RODO - consisting in the promotion of its activities and services provided, possibly for the purpose of asserting claims or defending against third-party claims. The above does not apply to the processing of personal data by social networks. To learn about the rules of data processing by social networks, please refer to their policies for processing Personal Data.

  1. The period of data processing depends on the service provided, the purpose and the basis for processing. As a rule of thumb, the data are processed for the period of performance of the service or execution of the order. When the basis for processing Personal Data is consent, the data are processed until the consent is effectively withdrawn. When the basis for the processing of Personal Data is the legitimate interest of the Administrator, the data are processed until an effective objection is made.
  2. The period of processing of Personal Data referred to in paragraph 2 may be extended in case the processing is necessary for the establishment, investigation and defense of possible claims. After that time, Personal Data may be processed only if and to the extent required by applicable law.
  3. After the expiration of the processing period of Personal Data, Personal Data is deleted or irreversibly anonymized.

 

§ 7

COOKIE POLICY

 

  1. The Administrator uses cookies. Cookies are small text files sent (saved) by the Service on the User's terminal device (e.g. computer, smartphone).
  2. The Administrator uses cookies to provide services electronically, to improve them and enhance their quality, as well as for analytical and statistical purposes and to adapt the Website to the needs of its Users. Through the use of cookies, the Administrator personalizes content and advertising. The Administrator shares information about how a User uses the Website with trusted social, advertising and analytics partners in order to provide the highest possible quality of e-commerce operation, analytics, customization and personalization services.
  3. The Service uses two types of cookies: "session cookies" and "permanent cookies" (persistent cookies). "Session" cookies are temporary files that are stored on the User's terminal equipment until the User logs out, leaves the website or shuts down the software (web browser). 'Permanent' cookies are stored on the User's end device for the time specified in the parameters of the cookies or until they are deleted by the User.
  4. The Administrator uses the following types of cookies on the Website:
    1. indispensable - enable the use of services and functionalities available on the Site, such as those used in handling user authorization or to fill a shopping cart when shopping online,
    2. Functional - they allow remembering User's choices and remembering them and adjusting them on the Site, e.g. with regard to language preferences, font size, appearance of the Site, etc,
    3. Analytical - they enable the acquisition of a range of information, including the number of visits and sources of traffic on the Website. The collection of this data is used to determine which pages are most frequently visited and leads to the creation of statistics on traffic on the Website. The collection of this data is used by the Administrator to improve the performance of the Website. The collected data is processed in anonymized form. This type of cookies includes Google Analytics cookies.
  5. Functional and analytical cookies may be installed by the Administrator and its trusted partners through the Service.
  6. The legal basis for processing data in connection with the use of essential cookies is the necessity of processing Personal Data for the performance of the contract (Article 6(1)(b) RODO). In the case of other cookies, the basis for processing Personal Data is the legitimate interest of the Administrator or the consent of the User (Article 6(1)(a) and (f) RODO). In order to use functional, analytical and advertising cookies, the Administrator must obtain the User's consent.
  7. The consent referred to in paragraph 5 is granted by means of the relevant form displayed when visiting the Site for the first time. The consent granted may be withdrawn or adjusted differently at any time. To change or withdraw the consents granted, contact the Administrator.
  8. Users can change their cookie settings from their web browser.
  9. Changing the settings of cookies and similar technologies may affect the way the Website works and the services it provides.

 

§8

LOGI

 

  1. In accordance with the practice of most websites, the Administrator stores HTTP requests directed to its server (server logs). Accordingly, the Administrator stores the following information:
    1. IP addresses from which users browse the information content of our website,
    2. time of arrival of inquiry,
    3. time to send a response,
    4. the name of the client station - identification implemented by the HTTP protocol,
    5. Information about errors that occurred during the execution of HTTP transactions,
    6. URL of the page previously visited by the user (referer link),
    7. information about the user's browser.
  2. The collected logs are kept for an indefinite period of time as support material for the administration of the Website. The information contained therein is not disclosed to anyone except those authorized to administer the Website. Based on the log files, statistics may be generated to assist in the administration of the Site. Aggregate summaries in the form of such statistics do not contain any identifying characteristics of visitors to the Service.
  3. The Administrator processes the information contained in the logs for technical, administrative purposes, to ensure the security of the IT system and the management of this system, as well as for analytical and statistical purposes - in this regard, the legal basis for the processing of Personal Data is the Administrator's legitimate interest (Article 6(1)(f) RODO).

 

§ 9

TRANSFER OF DATA OUTSIDE THE EOG

 

  1. As part of the Administrator's use of tools to support its day-to-day operations provided, for example, by Google, Users' Personal Data may be transferred to a country outside the European Economic Area (EEA), in particular to the United States of America (USA) or another country in which an entity cooperating with it maintains tools for processing Personal Data in cooperation with the Administrator. The Administrator transfers Personal Data outside the EEA only when necessary, and with an adequate degree of protection, primarily through the use of standard contractual clauses issued by the European Commission.

 

§ 10

FINAL PROVISIONS

 

  1. This privacy policy is subject to updates in connection with the ongoing analysis of technical and legal conditions related to the processing of personal data.
  2. This privacy policy is effective as of 06/10/2023.