§1 Who is the Administrator of Your Personal Data?

The Administrator of the data is the Step by Step Foundation, located at Jana III Sobieskiego 2 / 8, 95-200 Pabianice, Poland, KRS 0000399911. You can contact the Administrator by writing to the email address: mariusz.kucinski@logtolife.org.

§2 Why do we collect your data and how long do we store it?

We may process your data for the following purposes:

  1. Communication with you, including responding to questions submitted via the contact form, email, etc.;The data will be processed based on the Administrator’s legitimate interest in communicating with the Website Users (Art. 6(1)(f) GDPR). Your data will be processed no longer than until you object or the business purpose ceases. Providing this data is voluntary, but it is necessary to communicate with you. The data may also be processed during the archiving process for internal purposes, based on the Administrator’s legitimate interest (Art. 6(1)(f) GDPR), until you object or the business purpose ceases.
  2. Concluding and performing a contract (placing an order);
  3. Establishing, defending, and pursuing claims;
  4. Fulfilling legal obligations incumbent on the Administrator (including tax and archiving obligations);Data necessary for concluding and performing the contract will be processed for the duration of the contract, including the time for exercising rights arising from the contract, such as warranty claims (Art. 6(1)(b) and (f) GDPR). Providing this data is voluntary but necessary to conclude and perform the contract.Additional data provided to, among other things, facilitate the performance of the contract, will be processed no longer than until you object or the business purpose ceases, based on the legitimate interest of customer service (Art. 6(1)(f) GDPR).After this period, the data will be processed for the limitation period of claims, based on the Administrator’s legitimate interest in defending against claims, as well as for establishing and pursuing claims (Art. 6(1)(f) GDPR).If the data is necessary to fulfill legal obligations incumbent on the Administrator (such as issuing and storing invoices), the data will be processed for this purpose no longer than six years (archiving obligations for accounting documents), unless legal provisions require a longer period (Art. 6(1)(c) GDPR).The data may also be archived for internal and statistical purposes, based on the Administrator’s legitimate interest (Art. 6(1)(f) GDPR), until you object or the business purpose ceases.
  5. Providing marketing information (including sending newsletters and information about services, products, promotions, free content via other tools, such as chatbots or phone calls);The data will be processed based on the Administrator’s legitimate interest in marketing the Administrator’s products and services (Art. 6(1)(f) GDPR). The data will be processed no longer than until you object or the business purpose ceases, whichever comes first. Providing the data is voluntary but necessary for receiving marketing/business information.Under Article 10 of the Act on the Provision of Electronic Services, for the purpose of maintaining business communication and phone contact, I need your consent. You can withdraw it at any time by clicking the link in the email footer or by writing to me at the email address provided above.
  6. Administering and managing the website and groups on social media platforms (including Facebook (Meta), Instagram, LinkedIn), in cases where data processing takes place on social media platforms, including communication and marketing content;This data will only be processed if you choose to like the page/join the group/follow or otherwise provide your data on the platform managed by me, e.g., by posting a message or comment. The data will be processed for the duration of the page/group or until you object, which can be done by unliking, unfollowing, deleting your comment/post, or contacting me. The rules relating to the page/group are set by the Administrator, while the rules of using the social media platform on which the page/group is located are set by the operators of these platforms.
  7. Analytical and statistical purposes;Data processing for analytical and statistical purposes involves analyzing data automatically obtained when using the website, including cookies. The data is processed based on the Administrator’s legitimate interest in tailoring the Website content to User preferences and optimizing the Website’s use; creating statistics that help understand how Users use the Website, enabling improvements to its structure and content (Art. 6(1)(f) GDPR). The data may also be archived for internal and statistical purposes, based on the Administrator’s legitimate interest (Art. 6(1)(f) GDPR), until you object or the business purpose ceases.
  8. Recovering abandoned carts;If you do not complete the order, you will receive a reminder about the initiated but unfinished order. The data will be processed based on the Administrator’s legitimate interest in servicing potential and actual Customers (Art. 6(1)(f) GDPR). This data will be processed for the necessary time to achieve business purposes or until you object.
  9. Posting comments;Data visible on our Website with a posted comment is processed by us for the administration and operation of the Website, as well as communication with you, based on the Administrator’s legitimate interest (Art. 6(1)(f) GDPR), for the necessary time to achieve business purposes or until you object.
  10. Promotion and marketing;

If you provide us with your data, particularly in the form of a product or service review, including image data, it will be processed based on the Administrator’s legitimate interest in marketing, aimed at improving service and product quality and promoting the Administrator’s services and products. This data will be processed for the necessary time to achieve business purposes or until you object. Providing data is voluntary.

  1. Collecting sensitive data;

Sensitive data is collected for the conclusion and proper performance of the contract — based on your informed and voluntary consent (Art. 9(2)(a) GDPR) — until the business purpose ceases or consent is withdrawn. Providing this data is voluntary but necessary for the proper performance of the contract.

§3 To whom may we transfer your data?

We transfer your data to other entities only when it is necessary to achieve the processing purposes mentioned in §2 and only to the extent necessary to achieve this purpose. As a rule, we collect and process only the data you provide to us, except for data collected automatically (cookies). More about cookies can be found in §7.

If necessary, your data may be transferred to entities we cooperate with to achieve the above-mentioned purposes, including hosting companies, IT companies/platform administrators, accounting firms, invoicing software providers, newsletter providers, cloud service providers, marketing service providers, administrative service providers, consulting service providers, subcontractors, lawyers, couriers or postal operators, training platforms, social media platforms, client management platforms, booking platforms, product or service sharing platforms, and other entities supporting the Administrator in achieving the processing purposes.

As a rule, data will not be transferred outside the EEA, except in the situations described below. In other cases, if the data is transferred outside the EEA, it will be based on your consent, standard contractual clauses, or other safeguards provided under GDPR, after fulfilling, among others, the information obligation.

Services provided by Google or Facebook (Meta) are generally performed by entities based in the European Union. However, due to the global nature of these entities, your data may be transferred to the USA, as they are stored on American servers (in whole or in part). Regardless, Google and Facebook have implemented safeguards compliant with GDPR to protect personal data through standard contractual clauses. More information about the data processing rules by these providers can be found in their respective privacy policies.

§4 What rights do you have?

Under GDPR, you have the right to access your personal data, rectify personal data, erase personal data, restrict the processing of personal data, object to the processing of personal data, transfer personal data, and withdraw your consent to data processing. Withdrawing consent does not affect the lawfulness of processing carried out before its withdrawal. Detailed information about these rights can be found in the GDPR, i.e., the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

If you believe that your personal data is being processed unlawfully, you have the right to lodge a complaint with the President of the Personal Data Protection Office. However, I encourage you to contact me first to clarify any doubts.

§5 Is your data profiled?

The Administrator analyzes personal data in an automated way, using tools provided by software providers (e.g., statistics, history), only to the extent that does not have any legal consequences for you or significantly impact your situation, including your guaranteed rights and freedoms. The purpose of automated data processing is to understand User preferences (more information about the analysis can be found in §7 Cookie Policy).

§6 Applicable data protection laws

For matters not regulated, applicable law, including European law (particularly GDPR), applies.

§7 Cookie Policy

The Website does not automatically collect any information, except for the information contained in cookies. This data is collected in a way that does not allow the User to be identified, so-called anonymous data.

Cookies are IT data, particularly text files, which are stored on the User’s end device and are intended for using the Website. Cookies typically contain the name of the website from which they originate, the time they are stored on the end device, and a unique number.

Cookies are used to:

  • Tailor the content of the Website to User preferences and optimize the use of the Website;
  • Create statistics that help understand how Users use the Website, allowing for improvements in its structure and content.

You can independently change your cookie settings. In many cases, the web browser automatically allows cookies to be stored on the User’s device. Detailed information about the possibility and methods of handling cookies is available in the browser settings. Refusing cookies may limit some functionalities on the Website.

The Administrator uses technologies that track actions taken by Users on the Website:

  • Facebook (Meta) Conversion Pixel provided by Meta Platforms Ireland Limited to manage ads on Meta and conduct remarketing activities. The Facebook Pixel is a piece of code published on the website that allows reaching a target group based on the data of people who have used the website. The function allows published ads on Meta platforms to be displayed only to portal users who have shown interest in products or services or have similar characteristics to those users. This data is processed based on the Administrator’s legitimate interest (Art. 6(1)(f) GDPR). Detailed information on the Facebook Pixel can be found on Meta’s Privacy Policy page.
  • Google tools, including Google Analytics provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data obtained using these tools is used to analyze the Website’s statistics. Google Analytics uses its own cookies to analyze the actions and behaviors of Website Users. These cookies store information such as the source from which the User arrived at the current website. This helps improve the Website. This data is processed based on the Administrator’s legitimate interest (Art. 6(1)(f) GDPR). Detailed information on Google Analytics can be found on the Google Tools Terms of Use page.

§8 Social Media Plugins

The Website uses plugins, widgets, and other social media tools provided by platforms such as Facebook (Meta), Instagram, YouTube, and LinkedIn. The rules for processing personal data are described directly on the pages of these service providers.

§9 Co-administration

Data processed for the purpose of statistics collected within the Facebook (Meta) platform is co-administered by the Administrator and Meta Platforms Ireland Limited, located at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, hereinafter referred to as the Co-administrator. Detailed rules regarding co-administration of data, including information on the rights of data subjects, are described on Meta’s Privacy Policy page.

Data processed within the LinkedIn platform is co-administered by the Administrator and LinkedIn Ireland Unlimited Company, address: Legal Dept. (Privacy Policy and User Agreement), Wilton Place, Dublin 2, Ireland, hereinafter referred to as the Co-administrator. Detailed rules regarding co-administration of data, including information on the rights of data subjects, are described on LinkedIn’s Privacy Policy page.

The Administrator processes data based on its legitimate interest in analyzing User activity and preferences to improve the functionalities and services offered. For matters concerning personal data, you can contact both the Administrator and the Co-administrator.