WEBSITE PRIVACY POLICY

effective June 1, 2023.

§ 1.
General provisions

1. This Privacy Policy presents the most relevant information about the processing of personal data on the wishgram.app Website.

2. The owner of the Website is Julia Chrzanowska.

§2.
The administrator of personal data

The administrator of the personal data is Julia Chrzanowska.

You may contact the Data Controller by e-mail at kontakt@wishgram.app.

§3.
Purpose we process personal data

We process personal data for the following purposes:

• in order to maintain your Service Recipient Account – the personal information you provide to us at registration is necessary for you to place an order for our services;
• in order to implement the Sales Cart Service – the personal data you provide to us is necessary to complete the order, settle the contract and possibly assert our claims,
• for the purpose of responding to you by phone or email, including through a form on our website and individual social media communication channels (Instagram),
• in order to send you a newsletter – based on your consent to receive it, which you gave by registering for the newsletter,
• for marketing and statistical purposes – information about visits to our website and social media are related to the promotion and development of Wishgram and work to improve our products and the quality of our services.

§4.
Legal basis for processing personal data

The legal basis for our processing of personal data is respectively:

• contract or to take pre-contractual action at the request of the data subject (Article 6(1)(b) RODO),
• relevant legal regulations, if the processing is necessary to fulfill our legal obligations (6(1)(c) RODO), e.g. regulations specifying the scope of data we must indicate on an invoice,
• our so-called legitimate legal interest that we have in order to carry out marketing activities, create statistics on the use of the various functionalities of the website and maintain business relations with you (6(1)(f) RODO),
• Your consent sensitive in an unequivocal and voluntary manner (Article 6(1)(a) of the RODO) – in case such consent is requested and given to us, e.g. if you wish to receive newsletters,
• establishment, investigation or enforcement of claims, which is our legitimate interest to initiate proceedings and defend against claims in proceedings before courts and other state authorities (Article 6(1)(f) of the DPA).

§5.
Length of personal data processing period

We process personal data for as long as it is necessary to achieve the purposes indicated above, unless you make a valid and proper request to have your personal data deleted. At the same time, the period of processing may depend on the content of the laws that apply to us, such as in the case of the retention of financial documents or deadlines for the assertion of claims.

§6.
Sharing personal data with other entities

In some situations, further transfer of personal data may be necessary so that we can properly and professionally perform our contractual obligations and conduct our business. However, each time, before sharing personal data, we require the recipient to guarantee adequate protection and confidentiality.

We may transfer your personal data:

• entities complicit in our performance of contracts: accounting firms, IT service providers, hosting providers, payment system provider,
• entities whose assistance and services we use in the course of our business under separate agreements: providers of tools for website activity analysis and direct marketing, providers of tools for creating landing pages and collecting leads, providers of office systems, providers of project management software, providers of communication software,
• to our authorized employees and associates for whom access to your data is necessary for the proper performance of their duties,
• authorized state bodies under applicable laws.

§7.
Transfer of personal data to third countries

As a rule, we do not transfer personal data to countries outside the European Union. However, if it becomes necessary to do so in connection with the sale of our products and the performance of our services, we will assess the circumstances and take care to ensure an adequate level of data security so that the processing is carried out in accordance with applicable legal regulations.

At the same time, we would like to inform you that in running our service we use services and technologies offered by entities such as: Facebook, Microsoft, Google, which are based in the United States. In light of the provisions of RODO, these will be the so-called entities located in third countries, with respect to which it is necessary to demonstrate the provision of an adequate degree of protection or mention of appropriate safeguards. Therefore, we assure you that the above entities have joined the Privacy Shield program on the basis of the European Commission’s implementing decision of July 12, 2016, and guarantee that they will comply with the high data protection standards that apply in the European Union. Therefore, the use of their services and offered technologies in the processing of personal data is lawful.

§8.
Processor of personal data

In providing the Sales Cart Service under the terms of the Terms and Conditions, we also act as a processor by processing the personal data of our Service Recipients’ customers. This data is collected and recorded as part of the Sales Cart Service in connection with the provision of separate services by our Service Recipients.

As a processor, we process data only on the documented instructions of the Personal Data Controller (on the basis of the Entrustment Agreement that is part of the Terms and Conditions), committing to properly secure the data by using appropriate technical and organizational measures and ensuring an adequate degree of security corresponding to the risks involved in the processing of personal data (in accordance with Article 32 of the RODO). We also ensure that the persons authorized by us for processing have undertaken to keep them confidential.

§9.
Cookies’s and other tracking technologies

Our website uses so-called Cookies (“cookies”), which are short text information stored on your computer, phone, tablet or other device, which can be read by our system, as well as by systems belonging to other entities whose services we use (Google). Thanks to cookies, we collect anonymous data about visits to the pages of our website, which we can then use to improve the features available on the website, identify errors or our marketing efforts.

Web browsers usually allow the use of Cookies on the end device by default. However, users can block and restrict the installation of Cookies at their own discretion through their browser settings or by using one of the many (free) solutions available. Please be advised that disabling or restricting the use of Cookies may cause difficulties in using the Website, e.g. it may result in longer page load times or limitations in using the functionality or liking the Facebook page.

§10.
Data protection methods

In order to ensure a high and consistent level of personal data protection, we use IT environment safeguards adequate for processing, as well as technical and organizational measures, among which are:

• TLS protocol encryption,
• backup creation,
• Equipping data centers with data protection mechanisms,
• Conducting regular security level tests,
• personal data security monitoring,
• Minimizing the risk of potential fraud and responding quickly when it occurs,
• Implementing data protection policies,
• Ensure the continued confidentiality, integrity, availability and resilience of services,
• Allow access to personal data only to authorized persons,
• Creating and regularly changing passwords for access to systems where personal data is processed.

§11.
Rights of persons whose data we process

Individuals whose data we process have the right to:

• Access to their personal data;
• rectification of personal data;
• deletion of personal data;
• limitation of personal data processing;
• object to the processing of personal data;
• portability of personal data;
• revoke consent to data processing.

However, the rights listed above are not absolute, and in some situations, after analysis, we may lawfully refuse to exercise them.

We would also like to inform you that withdrawal of consent to data processing will not affect the legality of data processing that took place on the basis of the consent given before its withdrawal.

If you request us to exercise any of the above rights, we will respond to your request immediately, but no later than one month from the date of receipt. If, due to the complexity of the request or the number of requests, we cannot fulfill your request within one month, we will fulfill it within another two months. However, we will inform you in advance of the intended extension of the deadline.

§12.
Complaining about irregularities in the processing of personal data

If you believe that your personal data is being processed by us in violation of applicable law, you may file a complaint with the President of the Personal Data Protection Authority.

§13.
Change of Privacy Policy

Data protection is a process that we adapt to current needs and changing technology. Therefore, our Privacy Policy may be supplemented or amended, of which we will inform you by posting information on our website, and in the event of significant changes, we will send separate notifications to registered service recipients by email.