1. pl
  2. en

Privacy Policy

1. GENERAL PROVISIONS

  1. This document is a collection of principles for the processing and protection of personal data provided by users accessing the website and its subpages:www.secretm.eu
  2. The Administrator of the Site and the personal data provided within it is YELLOW ART SP. Z O.O. NIP: 898 231 9031, REGON: 541367500, which processes it in accordance with currently applicable legal regulations. Legal regulations refer to the Personal Data Protection Act and all others listed in point 2 of this document.

 

 

 

 

The Administrator collaborates in data management using tools that support communication with Users, such as sending newsletters, storing customer data from the online store in a mailing tool, managing email accounts, and providing hosting services. Co-administration takes place in cooperation with FreshMail Sp. z o.o. based at Aleja Generała Tadeusza Bora-Komorowskiego 25C, 31-476 Kraków, according to data from the CEIDG/KRS system. Detailed rules of co-administration have been specified in a separate agreement between the parties. Additionally, your personal data may be shared with third parties for the purpose of providing services related to our activities, including:

  • IT service providers and systems supporting the company's operations,
  • entities providing accounting, legal, and consulting services,
  • public institutions as part of obligations arising from legal regulations.

User data may be transferred outside the European Union – to third countries. This results from the Administrator's cooperation with external providers of various services, e.g., Meta Platforms Ireland Limited (Facebook and its subsidiaries), hereinafter referred to as Meta or Facebook, Google, Microsoft, etc. This cooperation means storing user data on American servers.

 

  1. Personal data collected by the Site Administrator through its means are processed solely for the purpose of:

– **Member Registration**
– **Organizing events** and meetings related to the activities of Secret M,
– **Communication with members** and individuals interested in our activities,
– **Marketing activities** – sending newsletters, information about events, or other activities of the Association.

  1. The scope of processed data includes, among others: first and last name, email address, phone number, residence address, bank account number, and other contact details.
  2. The Site Administrator declares that the obtained personal data is not and will not be subject to unlawful processing.
  3. In case of any doubts regarding the provisions of this Privacy Policy and Cookie Policy, please contact the Administrator via email at:kontakt@secretm.eu

 

2. LEGAL BASIS FOR ACQUIRING AND PROCESSING PERSONAL DATA

We process your personal data in accordance with the regulations specified in the legal documents below:

  1. GDPR – refers to the Regulation of the European Parliament and Council (EU) 2016/679 of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
  2. DSA – refers to the Regulation of the European Parliament and Council (EU) 2022/2065 of October 19, 2022, on a single market for digital services and amending Directive 2000/31/EC (Digital Services Act).
  3. Personal Data Protection Act – the act of May 10, 2018, on the protection of personal data (Journal of Laws 2019, item 1781, as amended).
  4. Electronic Services Act – the act of July 18, 2002, on providing services by electronic means (Journal of Laws of 2020, item 344, as amended).
  5. Telecommunications Law – the act of July 16, 2004, Telecommunications Law (Journal of Laws of 2024, item 34, as amended).

 

3. DEFINITIONS

  1. Administrator – Yellow Art Sp. z o.o.
  2. User – any entity visiting the site and using it.
  3. Site and/or Online Store – the website, blog, and online store located at: www.secretm.eu
  4. Personal data – information that allows for the identification of an individual, such as name, surname, identification number, location, internet identifier, or physical, genetic, psychological, economic, cultural, or social characteristics.
  5. Consent – understood as a voluntary, conscious, and unequivocal expression of will, in which the User allows for the processing of their personal data through a statement or clear action.
  6. Training platform – a place on the internet where the Administrator provides the Client access to online training materials.
  7. User Account or Account – a profile created by the User on the Store's online platform, which allows access to purchased training and products. Acceptance of the Store's Terms and Conditions is required during Account registration.
  8. Form or Forms – sections on the Site that allow the User to enter personal data for specific purposes, such as subscribing to a Newsletter, placing an order for a product or training, or establishing contact.
  9. Newsletter – a free service provided electronically, through which the Administrator sends emails with information about events, services, products, as well as marketing and commercial content, with the User's consent. This service is also used to achieve the goals of the Administrator's direct marketing.
  10. Service – a set of cooperating IT devices and software that ensures the processing and storage, as well as the sending and receiving of data through telecommunications networks using the appropriate end device for a given type of network (Internet), which also includes the Site or its part, the Store or its part, and applications including mobile applications and other services of the Administrator, Social Media, and the Administrator's channels operating within these Media.

 

4. DATA RETENTION PERIOD

Your personal data will be stored for the period necessary to fulfill the purpose for which it was collected, or until consent is withdrawn if processing is based on it.

After processing is completed, data may be stored for archival purposes in accordance with legal regulations or in the event of justified legal claims.

 

5. DATA ACQUISITION PROCESS

Only data that the User voluntarily provides is processed, except for data collected automatically, such as cookies or login data. These are recorded automatically during a visit to the site. The data obtained in this way includes: IP address, domain name, type of browser or operating system. This data may be used to analyze User behavior, collect demographic data, or personalize the Site's content for optimization purposes. They are processed solely for administrative purposes, maintaining the Site's functionality, and directing marketing content, but are not linked to specific Users.

The Administrator is not responsible for the content provided by third-party sites to which links redirect from its Site. These contents will open in the same or a new browser window. The User is obliged to familiarize themselves with the privacy policy or terms of service of these sites.

 

6. YOUR RIGHTS

Under the GDPR, you have the following rights regarding your personal data:

  1. "Right of access" to your personal data,
  2. "Right to rectification" of inaccurate or incomplete data,
  3. "Right to erasure" (right to be forgotten),
  4. "Right to restrict processing" of data,
  5. "Right to data portability,"
  6. "Right to object" to data processing based on legitimate interest,
  7. "Right to withdraw consent" to data processing at any time (in the case of processing based on consent),
  8. "Right to lodge a complaint" with a supervisory authority – the President of the Personal Data Protection Office.

Data of the supervisory authority:

President of the Personal Data Protection Office,

ul. Stawki 2, 00-193 Warsaw, tel. 22 531-03-00,

email:kancelaria@uodo.gov.pl.

 

To exercise your rights, the User may contact the Administrator via:

email address: kontakt@secretm.eu or by post to the address of the Administrator's place of business, if provided in this Privacy Policy, indicating the scope of their requests. A response will be provided no later than 30 days from the date of receipt of the request and its justification, unless an extension of this deadline is justified in accordance with the GDPR.

 

7. SECURITY PRINCIPLES

We care about the security of your personal data by applying appropriate technical and organizational measures to prevent unauthorized access, modification, loss, or destruction of data. Access to Users' personal data is granted only to authorized persons who are obliged to keep this Data confidential or entities entrusted with the processing of personal data based on a separate data processing agreement.

The Administrator is not responsible for User negligence in securing their personal Data transmitted over the Internet, particularly disclosing their login data to third parties, not using antivirus protections, or failing to update software.

 

8. FORMS

The Administrator uses the following types of Forms on the Site:

a). Newsletter Subscription Form – requires the user to provide their name and email address in the appropriate fields. These fields are mandatory. The User must then confirm their desire to subscribe in order to add their email address to the Administrator's subscriber database. The data obtained in this manner is added to the mailing list for sending the Newsletter.

Subscription means that the User agrees to this Privacy Policy and consents to receive marketing and commercial information via electronic communication means, e.g., email, in accordance with the Act of July 18, 2002 on the provision of electronic services (Journal of Laws of 2020, item 344, as amended).

By subscribing to the Newsletter, the User also consents to the Administrator using the User's telecommunications terminal equipment (e.g., phone, tablet, computer) for direct marketing of the Administrator's products and services and for presenting commercial information to the User in accordance with Article 172(1) of the Telecommunications Law (Journal of Laws of 2014, item 243, as amended).

The above consents are voluntary, but necessary for using the Newsletter service, including, among other things, informing about services, new blog posts, products, promotions, and discounts offered by the Administrator or products of third parties recommended by them. The consents can be withdrawn at any time, which will result in the cessation of sending the Newsletter in accordance with the rules contained in this Privacy Policy.

The Newsletter is sent for an indefinite period, from the moment of activation until the withdrawal of consent. After consent is withdrawn, the User's data may be stored in the newsletter database for up to 2 years to demonstrate the fact of the User's consent to communication via the Newsletter, the User's actions (email open rates), and the moment of withdrawal, as well as any related claims, which constitutes a legitimate interest of the Administrator (Article 6(1)(f) of the GDPR).

The sending of the Newsletter may be discontinued if the User does not demonstrate activity for a minimum of 6 months from the start of the Newsletter service or from the reading of the last email (sent Newsletter). In such a case, the Administrator will remove the User's data from the Newsletter sending system (providers). The User will not be entitled to receive any messages from the Administrator unless they choose to re-subscribe using the Newsletter subscription form or contact the Administrator in another chosen manner.

 

b). Contact Form – enables sending a message to the Administrator and contacting them electronically. Personal data in the form of name, surname, email address, and data provided in the message content are processed by the Administrator in accordance with this Privacy Policy for the purpose of contacting the User.

After the contact with the User is completed, the Data may be archived, which is a legitimate interest of the Administrator. The Administrator cannot determine the exact period of archiving, and thus the deletion of messages. However, the maximum period will not exceed the limitation periods for claims arising from legal provisions.

 

c). Order Form in the Store – When placing an order in the Administrator's online Store, the User must provide specific Data in accordance with the rules contained in the sales regulations to fulfill the order, meet the legal obligations imposed on the Administrator, settlements, handling claims, for statistical and archival purposes, as well as for direct marketing to customers, which is a legitimate interest of the Administrator.

These mainly include: first name, last name, company name, NIP, residential address or company headquarters, possibly the delivery address, email address. If the User already has a user account in the store, they only need to provide their login (or email address) and password to log into their account, and then proceed with the order.

The Administrator stores the Data for the duration of the order or service, and after its completion for the necessary period to protect against claims. Additionally, for the period specified by legal provisions, e.g., tax law (including the period for storing invoices).

 

d). Complaint and withdrawal form in the Store or DSA form (available under the Terms and Conditions) – In the case of using the Administrator's services or products, the User may submit a complaint or withdraw from the concluded contract or report illegal content. For this purpose, the Administrator allows the User to fill out the complaint form and the withdrawal form and the illegal content reporting form or content that does not comply with the terms of service attached to the sales regulations. The User may also perform these actions without filling out the form, however, by providing the necessary Data.

The required Data in this case includes: first name, last name or possibly the User's name, address of residence or registered office of the company (if the order was placed on behalf of a company), email address, phone number (optional), bank account number (if a refund is necessary) and other indicated in the form, particularly the content of requests.

Providing Data is voluntary, but necessary for considering requests in accordance with legal regulations and the sales regulations. The Data will be stored for the purpose of processing the complaint/withdrawal procedure and for archival purposes and defense against claims.

 

e). Registration form for creating a User account in the online store – the User account is created automatically upon the first purchase, and for this purpose, the User should provide at least the following Data: first name, last name, email address, and then set a password.

Sign-up form on landing pages – some subpages, including so-called landing pages in the domain legalnybiznesonline.pl dedicated to data collection mainly for marketing purposes, indicate specific data that the User should download to achieve the intended goal, e.g., to download the indicated material or sign up for an event such as a webinar. These usually include: first name, email address, phone number. These pages may be operated by external tools through which the Administrator collects this data. Not providing the mandatory data will result in the inability to sign up on the form, and they will not be transmitted to the Administrator for processing.

Calendly form for scheduling meetings – to schedule an online meeting in real-time, it is necessary to provide at least the following Data: first name, email. The Data is processed by the Administrator and by the processing entity for the indicated purpose.

Creating an account is based on the principles provided in the Sales Regulations and is a digital service. The rules for maintaining the account and its possible deletion are included in the Regulations.

Data marked as mandatory must be provided, and without them, it will not be possible to create a User account. Providing the remaining Data is voluntary.

 

The Administrator may entrust the processing of personal Data to third parties without separate User Consent (based on a relevant data processing entrustment agreement). Data obtained from forms may not be transferred to third parties.

If the User uses services from external providers such as Google, they should familiarize themselves with their privacy policy, available from those service providers on their websites.

 

9. DISCLAIMER AND COPYRIGHT

 

The content presented on the Site does not constitute advice or specialist guidance (e.g., legal) and does not relate to a specific factual state. If the User wants assistance in a specific matter, they should contact a person authorized to provide such advice or the Administrator at the provided contact Data. The Administrator is not responsible for the use of content contained on the Site or actions or omissions taken based on it.

All content placed on the Site is subject to copyright of specified individuals and/or the Administrator (e.g., photos, texts, other materials, etc.). The Administrator does not grant Consent for copying this content in whole or in part without their explicit prior Consent.

The Administrator hereby informs the User that any dissemination of content provided by the Administrator constitutes a violation of legal provisions and may incur civil or criminal liability. The Administrator may also demand appropriate compensation for material or non-material losses incurred in accordance with applicable regulations.

The Administrator is not responsible for the use of materials available on the site in a manner that is not compliant with the law.

The content placed on the Site is current as of the date of its publication unless otherwise stated.

 

10. CHANGES TO THE PRIVACY POLICY

We reserve the right to make changes to this Privacy Policy. We will inform you of any significant changes resulting from the development of internet technology, changes in applicable law, or the implementation of new tools by the web designer Administrator through our website.

 

Document publication date: 01.01.2025

 

The content posted on the blog is protected by copyright law. Copying, reproducing, distributing, or otherwise using these materials without the author's explicit consent is prohibited and may result in civil or criminal liability. If you wish to obtain a license to use the content, please contact me. The content on the blog reflects the opinions, views, knowledge, and experience of the author and their interlocutors, but it does not constitute a form of individual advice on any matter. Before making decisions on significant issues, always consult the appropriate specialist.

designed by Yellow Art

Sign up for the newsletter

Subscribe to the newsletter

Multiple choice

Wyrażam zgodę na otrzymywanie na podany przeze mnie adres e-mail korespondencji handlowej w postaci Newslettera na zasadach określonych w  Regulaminie sklepu internetowego  i Polityce prywatności. Przysługuje mi prawo cofnięcia zgody na otrzymywanie korespondencji handlowej w każdym czasie.

SAVE
SAVE
The form has been submitted.

Please fill in the required fields!