PRIVACY POLICY OF THE WEBSITE

WWW.KARINAPHOTO.COM

§ 1 GENERAL PROVISIONS

The administrator of personal data collected via the website www.karinaphoto.com is Eugene Rak conducting business under the name DOBRO EUGENE RAK, entered into the Central Register and Information on Economic Activity of the Republic of Poland kept by the minister competent for the economy, correspondence address: ul. Hemara 21/48, 80-280 Gdańsk, NIP: 5842816437, REGON: 521712378, e-mail address: kariroomstudio@gmail.com, phone number: +48732916812, hereinafter referred to as the "Administrator" and also the "Service Provider." Personal data collected by the Administrator via the website is processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation – GDPR) and the Consumer Rights Act of 30 May 2014. All terms capitalized in this Privacy Policy shall be interpreted in accordance with their definitions provided in the Terms and Conditions of the website www.karinaphoto.com.

§ 2 TYPES OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF DATA COLLECTION

1. PURPOSE OF PROCESSING AND LEGAL BASIS. The Administrator processes personal data of the Users of www.karinaphoto.com in the following cases: 1.1. when making a Booking on the website, for the purpose of performing a Lease Agreement under Article 6(1)(b) GDPR (performance of a contract), 1.2. when placing an Order on the website, for the purpose of performing a Sales Agreement, Agreement for the supply of Digital Content or Service Agreement under Article 6(1)(b) GDPR (performance of a contract), 1.3. when using the Contact Form to send a message to the Administrator under Article 6(1)(f) GDPR (legitimate interest of the business entity), 1.4. when using the Review System, to collect opinions about the Agreement with the Administrator under Article 6(1)(f) GDPR (legitimate interest of the business entity).
2. TYPES OF PERSONAL DATA PROCESSED. The User provides the following data: 2.1. For a Booking: name and surname, tax ID number (NIP), email address, phone number, 2.2. For an Order: name and surname, address, tax ID number (NIP), email address, phone number, 2.3. For the Contact Form: name, email address, phone number, 2.4. For the Review System: name, email address.
3. DATA RETENTION PERIOD. Personal data of Users is stored by the Administrator: 3.1. if the basis for data processing is contract performance – for as long as necessary to perform the contract, and thereafter for the period of the statute of limitations for claims. Unless a specific law states otherwise, the statute of limitations is six years, and for claims related to periodic services or business activity – three years, 3.2. if the basis for data processing is consent – until the consent is withdrawn, and after withdrawal for the statute of limitations for claims that may be raised by or against the Administrator.
4. During use of the website, additional information may be collected, especially: IP address, external IP address of the internet provider, domain name, browser type, access time, operating system.
5. With separate consent under Article 6(1)(a) GDPR, data may also be processed to send commercial information by electronic means or for direct marketing via telephone – in accordance with Article 10(2) of the Act on Provision of Electronic Services or Article 172(1) of the Telecommunications Law, including through profiling.
6. Navigational data, such as information about clicked links or other user actions, may also be collected for improving the service functionality (Article 6(1)(f) GDPR).
7. Providing personal data by the User is voluntary.
8. The Administrator takes special care to protect the interests of data subjects and ensures that: 8.1. data is processed lawfully, 8.2. collected for specified, lawful purposes and not further processed incompatibly, 8.3. substantively correct and adequate for the purposes for which they are processed, and stored in a form allowing identification no longer than necessary.

§ 3 DISCLOSURE OF PERSONAL DATA

1. Users' personal data may be shared with service providers used by the Administrator, including: 1.1. payment service providers, 1.2. accounting services, 1.3. hosting providers, 1.4. software providers for business operations, 1.5. mailing system providers, 1.6. providers of software needed for running the website.
2. Service providers may act either as processors under the Administrator’s instructions or as independent data controllers, depending on contractual arrangements.
3. Personal data is stored exclusively within the European Economic Area (EEA), subject to §5 pt. 5 and §6 of this Policy.

§ 4 RIGHT TO CONTROL, ACCESS, AND CORRECT YOUR DATA

1. Data subjects have the right to access, correct, delete, restrict processing, data portability, object to processing, and withdraw consent at any time, without affecting prior lawful processing.
2. Legal basis for user requests: 2.1. access – Article 15 GDPR, 2.2. correction – Article 16 GDPR, 2.3. deletion – Article 17 GDPR, 2.4. restriction – Article 18 GDPR, 2.5. portability – Article 20 GDPR, 2.6. objection – Article 21 GDPR, 2.7. withdrawal of consent – Article 7(3) GDPR.
3. To exercise these rights, send an email to: kariroomstudio@gmail.com
4. The Administrator shall fulfill the request or deny it within one month of receipt. If complex, this period may be extended by two more months, provided the User is informed within the first month.
5. If data processing is deemed to violate GDPR, the data subject may file a complaint with the President of the Personal Data Protection Office.

§ 5 COOKIES

1. The Administrator’s website uses cookies.
2. Cookies are necessary for the proper functioning of the website and enable basic statistics.
3. Types of cookies used: 3.1. "session" cookies – temporary, stored until the User logs out or closes the browser, 3.2. "persistent" cookies – stored for a defined time or until deleted by the User.
4. Internal cookies gather information on how Users interact with the website. This data is anonymous and used for statistical purposes.
5. External cookies are used by tools like Google Analytics, Microsoft Clarity, Facebook Pixel, and Facebook Ads.
6. Advertising networks (e.g., Google) may use cookies to display ads tailored to how the User uses the website.
7. The User can control cookies through: 7.1. consent preferences shown at first entry to the site, 7.2. browser settings, with details provided in browser documentation.

§ 6 ADDITIONAL SERVICES RELATED TO USER ACTIVITY

1. The website uses social media plugins ("plugins") of Facebook, TikTok, Microsoft Clarity, Pinterest, and Instagram.
2. When loading the site, the User’s browser connects directly to the servers of these providers, which may result in data transmission (including IP address) to the US.
3. If the User is logged into a social network, the provider may link the visit to the User’s profile.
4. When a plugin is used (e.g., "Like", "Share"), the relevant data is also transmitted.
5. Details are provided in the privacy policies of these providers:

• https://www.facebook.com/policy.php
• https://help.instagram.com/519522125107875?helpref=page_content
• https://www.tiktok.com/legal/page/us/privacy-policy/en
• https://policy.pinterest.com/pl/privacy-policy
• https://privacy.microsoft.com/privacystatement

6. Users can prevent this linking by logging out of their accounts or using browser tools like "NoScript."
7. The site uses Google Ads remarketing tools. The use of Google cookies is governed by Google LLC.

§ 7 FINAL PROVISIONS

1. The Administrator uses appropriate technical and organizational measures to protect personal data from unauthorized access, loss, alteration, or destruction.
2. Security measures include systems preventing unauthorized access and data alteration during electronic transmission.
3. In matters not regulated herein, the provisions of GDPR and relevant Polish law shall apply.