Policy privacy

Privacy Policy

This privacy policy describes the rules for processing information about you, including personal data and cookies.

1. General Information This policy applies to the website operating at the URL: karasaki.pl. The website operator and data controller is: Rafał Karasek, ul. Warszawska 8, 05-805 Otrębusy. Contact email address of the operator: biuro@karasaki.pl. The operator is the controller of your personal data in relation to data provided voluntarily on the website.

The website uses personal data for the following purposes:

• Newsletter distribution

• Commenting system

• Internet forum operation

• Online chat

• Classifieds system

• Displaying user profiles to other users

• Displaying user advertisements

• Responding to inquiries via forms

• Preparation, packaging, shipping of goods

• Fulfillment of ordered services

• Debt collection

• Presenting offers or information

The website collects information about users and their behavior in the following ways:

• Through voluntarily entered data in forms, which are entered into the operator’s systems

• By storing cookies (“cookies”) on end-user devices

2. Selected Data Protection Methods Used by the Operator

• Login and data entry locations are protected at the transmission layer (SSL certificate). This ensures that personal and login data entered on the site is encrypted and can only be read on the destination server.

• Personal data stored in the database is encrypted so that only the operator with a key can read it.

• User passwords are stored in a hashed form. The hashing function is one-way, which is the current standard for storing passwords.

• The operator periodically changes its administrative passwords.

• The operator regularly creates backups to protect data.

• Regular updates of all software used for processing personal data are performed, particularly software components.

3. Hosting The website is hosted by: cyberFolks.pl. The hosting company maintains server-level logs to ensure technical reliability. Logs may include:

• Requested resource identifiers (URL addresses of requested resources)

• Request arrival time

• Response time

• Client station name (HTTP protocol identification)

• HTTP transaction error information

• Referrer URL (link to the previously visited page)

• User’s browser information

• IP address

• Diagnostic information related to the self-ordering process on the site

• Email handling logs

4. Your Rights and Additional Data Use Information In certain situations, the Administrator has the right to transfer your personal data to other recipients if necessary to perform the contract with you or fulfill legal obligations. This includes:

• Hosting company

• Couriers

• Postal operators

• Insurers

• Law firms and debt collectors

• Banks

• Payment operators

• Public authorities

• Comment system operators

• Online chat operators

• Authorized employees and collaborators

• Marketing service providers

Your personal data is processed no longer than necessary for the tasks defined by legal regulations (e.g., accounting). For marketing data, processing will not exceed 3 years.

You have the right to:

• Access your personal data

• Rectify it

• Delete it

• Restrict processing

• Data portability

You also have the right to object to processing for legitimate interests pursued by the administrator, including profiling. However, objection is not possible if there are compelling legitimate grounds overriding your interests, rights, and freedoms, especially legal claims.

You may lodge a complaint with the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw. Providing personal data is voluntary but necessary to use the website. Automated decisions, including profiling, may be applied for service provision and direct marketing purposes. Personal data is not transferred outside the EEA unless required for service provision. In such cases, appropriate data protection mechanisms are used.

5. Form Information The website collects data provided voluntarily by the user, including personal data. The website may save connection parameters (time, IP address). Sometimes, email addresses may appear in the URL of the form page. Data provided in forms is processed according to the function of the specific form (e.g., service request, commercial contact, service registration).

6. Administrator Logs User behavior data may be logged. This data is used for website administration.

7. Key Marketing Technologies

• Google Analytics is used for site traffic analysis. Only anonymized data is shared with Google. Users can manage ad preferences at: https://www.google.com/ads/preferences/

• Remarketing technologies are used to adjust ads based on user behavior. No personal data is shared with advertisers. Cookies must be enabled.

• Facebook Pixel is used to track visits. No personal data is shared with Facebook beyond what they already manage.

• Heatmaps and session recording technologies are used. Data is anonymized before sending.

• Automation tools may send emails after specific user actions, if the user agreed to receive marketing emails.

8. Cookie Information The website uses cookies: text files stored on the user’s end device. Cookies usually contain: the website name, storage time, unique number. Cookies are placed and accessed by the website operator.

Cookies are used to:

• Maintain session after login

• Implement the marketing technologies mentioned above

Two main types of cookies are used:

• Session cookies (temporary, deleted after logout, page close, or browser exit)

• Persistent cookies (stored until expiration or manual deletion)

Browsers usually allow cookies by default. Users can change settings, delete or block cookies. Restricting cookies may impact some website functionalities.

Cookies may also be used by third parties like Google, Facebook, Twitter.

9. Cookie Management Users can manage cookies via browser settings:

• Edge

• Internet Explorer

• Chrome

• Safari

• Firefox

• Opera

Mobile devices:

• Android

• Safari (iOS)

• Windows Phone