Privacy Policy and Cookies Policy

This document sets out the terms for the processing of personal data, hereinafter also referred to as “data”, and cookies within the website glutecode.com, operated through the website available at the URL: glutecode.com, hereinafter referred to as the “Service”.

TABLE OF CONTENTS

  1. HOW TO CONTACT THE DATA CONTROLLER
  2. ON WHAT BASIS WE PROCESS YOUR DATA
  3. INFORMATION ON DATA PROCESSING FOR THE PURPOSE OF CONCLUDING AND PERFORMING CONTRACTS, POSSIBLE PURSUIT OF CLAIMS AND DEFENCE AGAINST CLAIMS
  4. INFORMATION ON DATA PROCESSING FOR DIRECT MARKETING PURPOSES
  5. INFORMATION ON DATA PROCESSING FOR SECURITY PURPOSES
  6. INFORMATION ON DATA RECIPIENTS
  7. INFORMATION ON TRANSFERS OF DATA TO THIRD COUNTRIES
  8. ABSOLUTE RIGHTS OF PERSONS WHOSE DATA IS PROCESSED
  9. CONDITIONAL RIGHTS OF PERSONS WHOSE DATA IS PROCESSED
  10. COOKIES — INTRODUCTION
  11. COOKIES OF THE DATA CONTROLLER
  12. THIRD-PARTY COOKIES
  13. CONSENT TO THE USE OF COOKIES AND COOKIE MANAGEMENT
  14. CACHE MEMORY
  15. LINKS TO OTHER WEBSITES OR SOFTWARE
  16. CHANGES TO THE PRIVACY AND COOKIES POLICY

1. HOW TO CONTACT THE DATA CONTROLLER

The controller of personal data processed within the Service is Glute Code By Anna PTE. LTD., with its business address at: 160 Robinson Road #14-04, Singapore Business Federation Center, 068914 Singapore, registration number: 202521159R, and correspondence address: 160 Robinson Road #14-04, Singapore Business Federation Center, 068914 Singapore.

The Data Controller may be contacted by phone at: +48 519 694 221 and by e-mail at: info@glutecode.com.

2. ON WHAT BASIS WE PROCESS YOUR DATA

When collecting personal data, we always inform you of the legal basis for its processing. This basis arises from the provisions of the GDPR, i.e. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC — the General Data Protection Regulation.

When we refer to:

Article 6(1)(a) GDPR — this means that we process personal data on the basis of consent received;

Article 6(1)(b) GDPR — this means that we process personal data because it is necessary for the performance of a contract or in order to take steps prior to entering into a contract at your request;

Article 6(1)(c) GDPR — this means that we process personal data in order to comply with a legal obligation;

Article 6(1)(f) GDPR — this means that we process personal data for the purposes of pursuing legitimate interests.

3. INFORMATION ON DATA PROCESSING FOR THE PURPOSE OF CONCLUDING AND PERFORMING CONTRACTS, POSSIBLE PURSUIT OF CLAIMS AND DEFENCE AGAINST CLAIMS

We may process personal data necessary for the performance of a contract concluded with you. However, even before such a contract is concluded, we may process personal data necessary to take steps at your request. The processing of this data takes place on the basis of Article 6(1)(b) GDPR.

During the performance of the contract and after its completion, we process the personal data of the party to the contract for the purpose of possible consideration of claims, as well as pursuing or defending against such claims. Our legitimate interest is, for example, the ability to respond to a possible complaint, which we are obliged to do under separate provisions of civil law. In such a case, we process personal data on the basis of a legitimate interest consisting in defending against possible claims or pursuing such claims. The processing of this data takes place on the basis of Article 6(1)(f) GDPR.

We will store this data for the period necessary to achieve the specified purposes, but no longer than until the limitation period for claims expires under separate provisions of law.

You have the right to access your data, rectify it, erase it, restrict its processing, the right to data portability, and the right to lodge a complaint with a supervisory authority. Where data is processed for the purpose referred to in point 2, you also have the right to object to its processing.

Providing this data is voluntary; however, failure to provide it will prevent the conclusion or performance of the contract.

The recipients of this data are: our hosting provider, e-mail service provider, IT service provider, accounting service provider and invoicing software provider, electronic payment service provider, legal, advisory and debt collection service providers, and other service providers whose services we use for the specified purpose.

4. INFORMATION ON DATA PROCESSING FOR DIRECT MARKETING PURPOSES

We may process your personal data for direct marketing purposes. This occurs, for example, when we respond to your message while presenting details of our offer.

For direct marketing purposes, we may use profiling consisting of automated decision-making regarding the display of advertisements to you. Such decisions are made based on your activities within the Service, in particular on contracts concluded or pages viewed by you. In practice, profiling supports the usability of our Service by allowing us to present content that may potentially be of interest to you.

The processing of such data takes place on the basis of Article 6(1)(f) GDPR.

We will store your data for the period necessary to achieve the intended purpose.

You have the right to access your data, rectify it, erase it, restrict its processing, the right to data portability, the right to object to processing, and the right to lodge a complaint with a supervisory authority.

You have the right not to be subject to profiling unless you have given consent to it. In such a case, the basis for processing your data will be your consent (Article 6(1)(a) GDPR), which you may withdraw at any time. Your data will then be processed until such consent is withdrawn.

Providing this data is voluntary; however, failure to provide it will prevent direct marketing activities.

Recipients of this data are: our hosting provider, IT service provider, and e-mail service provider.

5. INFORMATION ON DATA PROCESSING FOR SECURITY PURPOSES

From the moment you access our website, for the purpose of ensuring service security, we process data such as:

  • the public IP address of the device from which the request originated,
  • browser type and language,
  • date and time of the request,
  • number of bytes sent by the server,
  • URL of the previously visited page, where the visit occurred through that link,
  • information about errors that occurred during request processing.

Our legitimate interest in this processing is maintaining server event logs and protecting the Service against potential hacking attacks and other abuses. This includes the ability to determine the IP address of a person carrying out prohibited actions within the Service, such as attempts to breach security, publication of prohibited content, or unauthorized use of our servers.

The processing of such data takes place on the basis of Article 6(1)(f) GDPR.

We will store this data for the period necessary to achieve the specified purposes, but no longer than until the limitation period for claims expires under separate legal provisions.

You have the right to access your data, rectify it, erase it, restrict processing, object to processing, and lodge a complaint with a supervisory authority.

Providing this data is a condition for using the Service. Failure to provide it will make use of the Service impossible.

Recipients of this data are our hosting provider and IT service provider.

6. INFORMATION ON DATA RECIPIENTS

When processing personal data, we use external service providers. Therefore, recipients of your personal data may be third parties. Whenever we collect personal data, we always inform you about such recipients; however, for the sake of clarity, we do so in abbreviated form. Accordingly, when we refer to categories of recipients, these include:

  • IT service provider: Agencja Projektowo Internetowa DesignOrka, Łukasz Raczkowiak, Złota Polana 14, 62-020 Gortatowo, Poland.
  • Hosting provider: Kylos Sp. z o.o., ul. Wróblewskiego 18, 93-578 Łódź, Poland.
  • E-mail service provider: Kylos Sp. z o.o., ul. Wróblewskiego 18, 93-578 Łódź, Poland.
  • Accounting service provider: Sleek Tech Pte Ltd, 160 Robinson Road, #14-04 SBF Center, S068914 Singapore.
  • Invoicing software provider: eCOM Krzysztof Książek, ul. Heweliusza 11 lok. 811, 80-890 Gdańsk, Poland.
  • Legal / advisory / debt collection providers: appointed individually whenever required.
  • Electronic payment providers: Krajowy Integrator Płatności S.A., pl. Andersa 3, 61-894 Poznań, Poland; PayPal Holdings, Inc., 2211 North First Street, San Jose, CA 95131, USA.

7. INFORMATION ON TRANSFERS OF DATA TO THIRD COUNTRIES

As we use services provided by other suppliers, your personal data may be transferred outside the European Economic Area (EEA), namely to the following countries:

  • United States of America (USA)
  • Singapore

The European Commission has determined that certain countries outside the EEA provide an adequate level of protection for personal data.

Where the country referred to above has not been recognized as providing an adequate level of protection, data transfers are carried out on the basis of agreements containing the Standard Contractual Clauses adopted by the European Commission.

Additionally, where data is transferred to PayPal Holdings, Inc., the security of such data is ensured through PayPal’s participation in the Data Privacy Framework.

8. ABSOLUTE RIGHTS OF DATA SUBJECTS

When we refer to rights related to the processing of your personal data, we mean the rights described below. The possibility of exercising these rights is independent of the legal basis for processing your personal data.

Right of Access

You have the right to obtain confirmation as to whether we process your personal data. If so, you have the right to access such data and receive additional information regarding:

  • the purposes of processing,
  • the categories of personal data concerned,
  • recipients or categories of recipients to whom the data has been or will be disclosed, in particular recipients in third countries or international organisations,
  • where possible, the planned retention period, or if not possible, the criteria used to determine that period,
  • the right to request rectification, erasure or restriction of processing, the right to object, and the right to lodge a complaint with a supervisory authority,
  • the source of the data if it was not collected directly from you,
  • automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and expected consequences of such processing for you.

Upon receiving such a request, we are obliged to provide a copy of the personal data being processed. If the request is submitted electronically and unless otherwise requested, the information will also be provided electronically.

Right to Rectification

You have the right to request that we promptly correct inaccurate personal data concerning you.

Taking into account the purposes of processing, you also have the right to have incomplete personal data completed, including by providing a supplementary statement.

Right to Erasure (“Right to be Forgotten”)

You have the right to request that we promptly erase personal data concerning you. We are obliged to erase such data without undue delay where one of the following grounds applies:

  • you have withdrawn consent and there is no other legal basis for processing,
  • you have effectively objected to the processing,
  • your personal data has been processed unlawfully,
  • the personal data must be erased to comply with a legal obligation,
  • the data was collected in relation to the offer of information society services.

Right to Restriction of Processing

You have the right to request restriction of processing in the following cases:

  • where you contest the accuracy of the data – for a period enabling us to verify its accuracy,
  • where processing is unlawful and you oppose erasure and request restriction instead,
  • where we no longer need the data, but you require it for the establishment, exercise or defence of legal claims,
  • where you have objected to processing – pending verification whether our legitimate grounds override yours.

Automated Decision-Making, Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

This right does not apply if the decision:

  • is necessary for entering into or performing a contract between you and us,
  • is authorised by EU or Polish law and includes suitable safeguards, or
  • is based on your explicit consent.

Right to Lodge a Complaint

You have the right to lodge a complaint regarding the processing of your personal data with the competent supervisory authority:

President of the Personal Data Protection Office (UODO)
ul. Stawki 2
00-193 Warsaw, Poland
Tel: +48 22 531 03 00
E-mail: kancelaria@uodo.gov.pl

9. CONDITIONAL RIGHTS OF DATA SUBJECTS

When we refer to rights related to the processing of your personal data, we mean the rights described below. The possibility of exercising these rights depends each time on the legal basis for processing your personal data.

Right to Withdraw Consent

Where we process your personal data on the basis of your consent, you have the right to withdraw that consent at any time.

Naturally, withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Right to Data Portability

You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format.

You also have the right to transmit those personal data to another controller without hindrance from us, where processing is based on:

  • consent, or
  • a contract,

and where processing is carried out by automated means.

When exercising your right to data portability, you also have the right to request that personal data be transmitted directly by us to another controller, where technically feasible.

This right shall not adversely affect the rights and freedoms of others.

Right to Object

Where we process your personal data on the basis of Article 6(1)(f) GDPR (legitimate interests), you have the right to object to such processing on grounds relating to your particular situation.

In such case, we may no longer process the personal data unless we demonstrate:

  • compelling legitimate grounds for the processing which override your interests, rights and freedoms, or
  • grounds for the establishment, exercise or defence of legal claims.

If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for such purposes.

10. COOKIES – INTRODUCTION

The Website uses cookies.

Cookies are commonly used small files containing a string of characters which are sent to and stored on the end device (e.g. computer, laptop, tablet, smartphone) used when visiting the Website.

This information is stored in the browser memory and sent back upon subsequent visits to the Website.

Cookies may be categorised according to three different classification methods.

All information regarding cookies used on our Website can be found in the notice displayed on the Website in the form of a cookie management tool.

11. DATA CONTROLLER COOKIES

Cookies managed by us allow for:

  • authentication of access,
  • maintaining sessions after login,
  • protecting the Website against hacking attacks,
  • “remembering” the contents of completed form fields by the browser (optional),
  • “remembering” items added to the shopping cart.

Thanks to this, using the Website becomes easier and more convenient.

12. THIRD-PARTY COOKIES

The use of third-party cookies is governed by the privacy and cookie policies applied by those third parties.

GOOGLE

We use cookies administered by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043, United States, within the scope of the following services:

  • Google Ads – advertising cookies used to conduct and assess the quality of advertising campaigns run via Google Ads,
  • Google Analytics – analytical cookies used to examine user behaviour and website traffic, and to generate traffic statistics.

The data collected by Google Inc. is anonymous and aggregated in nature. In particular, it does not contain identifying characteristics (understood as personal data) of Website users.

When using the above services, we collect data such as:

  • traffic acquisition sources of users visiting the Website,
  • user behaviour on the Website,
  • information about devices and browsers used,
  • IP address,
  • domain,
  • demographic data (age, gender),
  • interests,
  • geographic data.

More information can be found here:
https://policies.google.com/technologies/cookies

FACEBOOK / META

We use cookies administered by Meta Inc., 1 Hacker Way, Menlo Park, CA 94025, United States.

Functional Cookies

Functional cookies used by Meta Inc. may be used to:

  • connect your external Facebook account with your Website account,
  • process your activity performed using “Share” or “Like” buttons.

Such processing may have a public nature.

Advertising Pixel Tags

Advertising pixel tags used by Meta Inc. are elements embedded in digital content that enable recording information, e.g.:

  • activity carried out on the Website,
  • effectiveness measurement of advertisements.

Management of the Meta pixel tag is possible through the Facebook user panel.

More information can be found here:
https://www.facebook.com/policies/cookies/

The use of third-party cookies is governed by the privacy and cookie policies applied by those third parties.

Current third-party policies may also be found here:
https://www.e-regulaminy.pl/biuletyn/polityki-prywatnosci-i-plikow-cookies/

13. CONSENT TO THE USE OF COOKIES AND COOKIE MANAGEMENT

Except for strictly necessary cookies, cookies are processed on the basis of the user’s consent.

Consent to the use of cookies is voluntary and may be withdrawn at any time.

Please note that refusing certain cookies may cause limitations in the use of the Website and its functionalities, or may even prevent proper use of the Website.

Consent to cookie processing may be granted through:

  • settings of software installed on the user’s telecommunications end device,
  • clicking a button containing a declaration of consent or confirmation of reading the cookie notice,
  • settings available within the Website.

14. CACHE MEMORY

When using the Website, we may automatically use the cache memory installed on your device.

Within local storage, data may be stored between sessions, i.e. between subsequent visits to the Website.

The purpose of using cache memory is to speed up the use of the Website by eliminating situations in which the same data would have to be repeatedly downloaded from the Website, thereby unnecessarily burdening the user’s internet connection.

Cache memory may also store data such as login passwords.

15. LINKS TO OTHER WEBSITES OR SOFTWARE

The Website may contain links to other websites or software.

We are not responsible for the privacy policies or cookie processing practices applied by those websites or software providers.

We recommend reviewing the privacy policy and cookie policy of such websites or software after accessing them or before installing them.

16. CHANGES TO THE PRIVACY POLICY AND COOKIE POLICY

The Privacy Policy and Cookie Policy shall enter into force on the date of publication on the Website.

Any amendments to the Privacy Policy and Cookie Policy shall be made by publishing the new version on the Website.

Information regarding changes to the Privacy Policy and Cookie Policy will be published within the Website no later than 3 days before the effective date of the updated version.