PRIVACY POLICY
This document explains how Natalia de Barbaro – Modelska “Hekla” based in Burów 130, 32-083 Burów (Administrator) processes personal data.
You can contact the Personal Data Administrator by sending an e-mail to the following address: lucyna@nataliadebarbaro.com. or by sending correspondence to the following address: Natalia de Barbaro – Modelska “Hekla” based in Burów 130, 32-083 Burów.
- Definitions
- Administrator– Natalia de Barbaro – Modelska “Hekla” based in Burów 130, 32-083 Burów (hereinafter referred to as ADO).
- Personal data – information about a natural person identified or identifiable by one or more specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, data location, online identifier and information collected through cookies and other similar technology.
- Policy – this Privacy Policy.
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
- Website – website run by the Administrator at https://nataliadebarbaro.com
- User – any natural person visiting the Website or using one or more services or functionalities described in the Policy.
- Personal data processing – purposes and grounds
The Administrator conducts risk analysis on an ongoing basis to ensure that Personal Data is processed in a safe manner – ensuring, above all, that only authorized persons have access to the data and only to the extent necessary for the tasks they perform. . The Administrator ensures that all operations on Personal Data are recorded and performed only by authorized employees and collaborators. The Administrator takes all necessary actions to ensure that its subcontractors and other cooperating entities guarantee the use of appropriate security measures whenever they process Personal Data on behalf of the Administrator.
In connection with the User’s use of the Website, the Administrator collects data to the extent necessary to provide the individual services offered, as well as information about the User’s activity on the Website. Detailed principles and purposes of processing Personal Data collected while using the Website by the User are described below.
- Using the website
- Personal data of all persons using the Website (including IP address or other identifiers and information collected via cookies or other similar technologies) are processed by the Administrator:
- in order to provide services electronically in the scope of making content collected on the Website available to Users – then the legal basis for processing is the necessity of processing to perform the contract (Article 6(1)(b) of the GDPR);
- for analytical and statistical purposes – then the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting in analyzing Users’ activity as well as their preferences in order to improve the functionalities used and the services provided ;
- in order to possibly determine and pursue claims or defend against claims – the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting in the protection of his rights;
- Contact forms
- The administrator provides the possibility of contacting him using electronic contact forms. Using the form requires providing Personal Data necessary to contact the User and answer the inquiry. You must provide such data as: name, surname, email address.
- Personal data is processed:
- in order to identify the sender and handle his inquiry sent via the form provided pursuant to Art. 6 section, 1 letter f of the GDPR, where the legitimate interest is to answer the inquiry.
- Data processed for the purpose of using products and services offered by the Administrator, including, among others: as part of participation in workshops, training, webinars.
The data will be processed for the purpose of:
- implementation of a possible contract – the basis for the processing of personal data is Art. 6 section 1 letter b GDPR;
- reserving a place for a training, workshop, webinar and in order to prepare the necessary documents, as well as contacting in related matters – legal basis: Art. 6 section 1 letter b GDPR; if you designate contact persons – the legal basis will be Art. 6 section 1 letter f GDPR, where the legitimate interest is to facilitate the execution of the concluded contract and meet customer expectations;
- using products and services offered by ADO – the basis for the processing of personal data is Art. 6 section 1 letter b GDPR;
- performance of concluded contracts – the basis for the processing of personal data is Art. 6 section 1 letter b GDPR;
- ensuring the implementation of the contract between you – in terms of identification and contact details (business email address/business telephone number, address) – the basis for the processing of personal data is Art. 6 section 1 letter b GDPR
- Issuing and storing VAT invoices and other accounting documents – legal basis: Art. 6 section 1 letter c GDPR;
- determining, defending, pursuing possible claims – legal basis: art. 6 section 1 letter f GDPR where the legitimate interest is the defense or pursuit of possible claims;
- targeting direct marketing to you – legal basis: art. 6 section 1 letter f GDPR:
- proper service by PDC, including solving your case electronically, including through contact via messenger on the website or on social media, as well as by phone in accordance with Art. 6 section 1 point f) GDPR, where the legitimate interest consists in proper customer service;
- consideration of complaints in accordance with Art. 6 section 1 letter f) GDPR, where the legitimate purpose of the administrator is to consider complaints,
- responding to the data subject’s request in accordance with Art. 6 section 1 letter f GDPR,
- archive in accordance with Art. 6 section 1 point c) GDPR.
direct marketing
- The User’s personal data may also be used by the Administrator to send marketing content to him through various channels, i.e. via e-mail. Such actions are taken by the Administrator only if the User has given their consent, which may be withdrawn at any time.
- Promoting services and offers can also be done via social media such as Facebook, Linkedin, Instragram, YT.
- In some cases, the Administrator may also carry out direct marketing via traditional mail. The User will be informed separately about the intention to conduct this type of marketing. The basis for the processing of personal data will then be Art. 6 section 1 letter f GDPR. The User has the right to object to this type of marketing.
- Collecting data as part of business contacts
- In connection with its business activities, the Administrator also collects personal data in other cases – e.g. during business meetings or by exchanging business cards – for purposes related to initiating and maintaining business contacts. The legal basis for processing in this case is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting in creating a network of contacts in connection with the conducted business. Personal data collected in such cases are processed only for the purpose for which they were collected, and the Administrator ensures their appropriate protection.
Providing data is voluntary, but necessary to achieve the above-mentioned purposes.
- Cookies
- Cookies (so-called “cookies”) are IT data, in particular text files, which are stored on the Website User’s end device and are intended for using the Website’s websites. Cookies usually contain the name of the website they come from, their storage time on the end device and a unique number of the User’s visits to the Website and the activities performed by him/her.
- We use cookies to:
- adapting the content of the Website’s pages to the User’s preferences and optimizing the use of websites; in particular, these files allow you to recognize the Website User’s device and properly display the website, tailored to his individual needs;
- creating statistics that help understand how Website Users use websites, which allows improving their structure and content;
- We use the analytical tool Google Analytics – these are files used by Google to analyze how the User uses the Website, to create statistics and reports on the functioning of the Website. Google does not use the collected data to identify the User or combine this information to enable identification.
- Personal data processing periods
The storage period depends on the type of services provided and the purpose of processing. As a rule, we process data for the duration of use of the website; if you send an inquiry via the contact form, personal data will be stored for the period necessary to respond to the inquiry. In the case of the implementation of any contracts, for the period of the contract and for the period of any claims, up to a maximum of 6 years from its completion. In the case of direct marketing, personal data will be processed until an objection is raised. If the basis for the processing of personal data is consent – until it is withdrawn.
The data processing period may be extended if processing is necessary to establish and pursue possible claims or defend against claims, and after that time only if and to the extent required by law. After the processing period, the data is irreversibly deleted or anonymized.
- Rights of the data subject
The user has the right to access the data and request its rectification, deletion, restriction of processing, the right to transfer data and the right to object to data processing.
I also have the right to lodge a complaint with the supervisory authority of the Personal Data Protection Office, ul. Stawki 2 Warsaw.
If you need additional information related to personal data protection or want to exercise your rights, please contact us:
- send correspondence to the following address: Natalia de Barbaro – Modelska “Hekla” based in Burów 130, 32-083 Burów
- by e-mail: lucyna@nataliadebarbaro.com.
- To whom we transfer data
Only authorized employees and collaborators of the Administrator have access to personal data.
In connection with the provision of services, Personal Data may be disclosed to external entities, including in particular suppliers responsible for operating IT systems and entities related to the Administrator.
The Administrator reserves the right to disclose selected information about the User to competent authorities or third parties who request such information, based on an appropriate legal basis and in accordance with the provisions of applicable law.
In the case of organizing training/open meetings, we may transfer your personal data to the extent necessary in accordance with the principle of data minimization:
- the entity from which we rent the room – to enable access to the facility where the training will take place,
- protection of the building where the training/meeting will take place – in order to allow access to the facility where the training/meeting will take place.
- Transfer of personal data outside the EEA
The administrator does not transfer data outside the EEA, but if necessary, he will apply the necessary level of protection in accordance with Chapter V of the GDPR, e.g.:
- cooperation with entities processing Personal Data in countries for which an appropriate decision of the European Commission has been issued regarding the assurance of an adequate level of protection of Personal Data;
- application of standard contractual clauses issued by the European Commission;
- application of binding corporate rules approved by the competent supervisory authority;
The Administrator always informs about the intention to transfer Personal Data outside the EEA at the stage of their collection.
- Privacy policy update
The policy is constantly verified and updated, if necessary.
Last updated February 28, 2023