Privacy policy
This Privacy Policy sets out the rules for processing personal data obtained through the website choicechangeinspire.co.uk (hereinafter referred to as the “Website”).
The owner of the website and the Data Controller is Sandra Dec, hereinafter referred to as the “Controller.”
Personal data collected by the Controller through the Website are processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), also known as GDPR.
The Controller takes special care to respect the privacy of the Customers visiting the Website.
1. Types of Processed Data, Purposes, and Legal Basis
The Controller collects information concerning natural persons performing legal actions not directly related to their business activity, natural persons conducting business or professional activities in their own name, and natural persons representing legal entities or organizational units that are not legal entities but are granted legal capacity by law, conducting business or professional activities in their own name, collectively referred to as “Customers.”
Personal data of Customers is collected in the case of:
- Using the contact form service on the Website to perform an electronically provided service agreement. Legal basis: necessity to perform the contact form service agreement (Art. 6(1)(b) GDPR).
In the case of using the contact form service, the Customer provides the following data:
Email address
First name
Phone number
Additional information may be collected when using the Website, including: IP address assigned to the Customer’s computer or external IP address of the Internet provider, domain name, type of browser, access time, operating system type.
Navigation data may also be collected from Customers, including information about links and references they choose to click on or other actions taken on the Website. Legal basis – legitimate interest (Art. 6(1)(f) GDPR), consisting of facilitating the use of electronically provided services and improving the functionality of these services.
The provision of personal data to the Controller is voluntary.
2. Recipients of Data and Storage Duration
Customer’s personal data is provided to service providers used by the Controller for the operation of the Website. Service providers to whom personal data is transferred may, depending on contractual agreements and circumstances, either follow the Controller’s instructions regarding the purposes and methods of processing this data (processing entities) or independently determine the purposes and methods of processing (administrators).
2.1. Processing Entities. The Controller uses service providers who process personal data solely on the Controller’s instructions. These include hosting service providers, accounting services, marketing systems, systems for analyzing traffic on the Website, systems for analyzing the effectiveness of marketing campaigns.
2.2. Administrators. The Controller uses service providers who do not act solely on the Controller’s instructions and independently determine the purposes and methods of using Customers’ personal data. They provide electronic and banking payment services.
The personal data of Customers is stored:
3.1. In cases where the legal basis for the processing of personal data is consent, the Customer’s personal data is processed by the Controller for as long as the consent is not revoked. After consent is revoked, data will be stored for a period corresponding to the statute of limitations for claims that may be raised against the Controller. If a specific provision states otherwise, the statute of limitations is six years, and for claims related to periodic performance and claims related to business activity – three years.
3.2. In cases where the legal basis for the processing of data is the performance of a contract, the Customer’s personal data is processed by the Controller for as long as necessary to perform the contract, and after that time for a period corresponding to the statute of limitations for claims. If a specific provision states otherwise, the statute of limitations is six years, and for claims related to periodic performance and claims related to business activity – three years.
In the event of a request, the Controller provides personal data to authorized state authorities, particularly to the organizational units of the Prosecutor’s Office, Police, President of the Personal Data Protection Office, President of the Office of Competition and Consumer Protection, or President of the Office of Electronic Communications.
3. Cookies Mechanism, IP Address
The Website uses small files called cookies. They are stored by the Controller on the end device of the person visiting the Website, provided that the web browser allows it. A cookie usually contains the domain name from which it originates, its “expiration time,” and a randomly selected identifying number for this file. Information collected using such files helps tailor the products offered by the Controller to the individual preferences and real needs of the people visiting the Website.
The Controller uses two types of cookies:
3.1. Session cookies: after the session of the given browser ends or the computer is turned off, the stored information is deleted from the device’s memory. The mechanism of session cookies does not allow the retrieval of any personal data or confidential information from Customers’ computers.
3.2. Persistent cookies: they are stored in the memory of the Customer’s end device and remain there until they are deleted or expire. The mechanism of persistent cookies does not allow the retrieval of any personal data or confidential information from Customers’ computers.
The Controller uses its own cookies for the following purposes:
4.1. Analysis and research, as well as audit of the viewership, especially for creating anonymous statistics that help understand how Customers use the Website. This allows for the improvement of its structure and content.
The Controller uses third-party cookies for the following purposes:
5.1. Displaying maps indicating the location of the Controller’s office on informational pages of the Website, using the internet service maps.google.com (external cookie administrator: Google Inc. based in the USA).
The cookies mechanism is safe for the computers of Customers visiting the Website. In particular, it is not possible to introduce viruses or other unwanted software or malicious software to Customers’ computers through this mechanism. Nevertheless, Customers can limit or disable access to cookies in their browsers. If this option is used, using the Website will be possible, except for functions that inherently require cookies.
The Controller may collect Customer IP addresses. An IP address is a number assigned to a computer visiting the Website by the Internet service provider. The IP number allows access to the Internet. In most cases, it is assigned to a computer dynamically, meaning it changes with each Internet connection and is therefore widely regarded as non-personal identifying information. The IP address is used by the Controller to diagnose technical problems with the server, create statistical analyses (e.g., determine from which regions the most visits are received), provide information useful for administering and improving the Website, as well as for security purposes and possible identification of burdens on the server, unwanted automated programs for browsing the content of the Website.
4. Rights of Data Subjects
The right to withdraw consent – legal basis: Art. 7(3) GDPR.
The right to object to data processing – legal basis: Art. 21 GDPR.
The right to erasure (right to be forgotten) – legal basis: Art. 17 GDPR.
The right to restriction of processing – legal basis: Art. 18 GDPR.
The right to access data – legal basis: Art. 15 GDPR.
The right to rectification – legal basis: Art. 16 GDPR.
The right to data portability – legal basis: Art. 20 GDPR.
If a Customer exercises any of the above rights, the Controller will fulfill the request or deny it immediately, no later than one month after receiving it. However, if due to the complexity of the request or the number of requests, the Controller cannot fulfill the request within one month, it will fulfill it within the next two months, informing the Customer in advance within a month of receiving the request – about the intended extension of the deadline and its reasons.
Customers can address complaints, inquiries, and requests regarding the processing of their personal data and the exercise of their rights to the Controller.
5. Changes to the Privacy Policy
The Privacy Policy may change, and the Controller is not obligated to inform about it.
For questions related to the Privacy Policy, please contact: choicechangeinspire@gmail.com
Date of last modification: 21.08.2023