Privacy

Privacy Policy Bezcieniowa.pl

Date of entry into force: 14.10.2025
Last updated: 14.10.2025

1. General information

This Privacy Policy sets out the rules for the processing and protection of personal data of persons using the Bezcieniowa.pl website (hereinafter: the “Website”), including users, customers, persons contacting the company.
The administrator of personal data is:
Michał Żyliński Photography
Address: Wygoda 7B, 28-313 Imielno
NIP: 7431929879
Contact Email: kontakt@bezcieniowa.pl
Contact phone: +48 533 410 388
In matters of personal data protection, you can contact the Administrator at the above e-mail address or by letter to the address of the company’s registered office.
If a company has appointed a Data Protection Officer (DPO), his/her contact details will be made available – in the absence of a DPO, this point can be omitted or marked that it is not required.
Personal data is processed in accordance with applicable law, including: Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), the Personal Data Protection Act and the Act on the Provision of Services by Electronic Means.
Every person whose data is processed has the right to:
- access to data,
- rectification (correction) of data,
- erasure of data (“right to be forgotten”),
- restriction of processing,
- data portability,
- to lodge an objection,
- withdraw consent (if the processing is based on consent),
- filing a complaint with a supervisory authority (in Poland – the President of the Personal Data Protection Office).

2. Scope, purposes, legal basis and data retention period

Below is an example of a table with data categories, processing purposes, legal basis, and retention period. Customize the details to suit your own processes.

category basis system office specifications analysis technology

Data	Purpose of processing	Legal	Recipients/processors	Storage period / criterion
Name, surname, email address, phone (and other contact details)	Processing of photographic orders, customer service, contact	Performance of the contract / pre-contractual actions (Article 6(1)(b) of the GDPR)	Courier company, payment operator, IT service providers, CRM	For the period necessary to perform the service + the limitation period for claims (usually 5 years)
Invoice data (address, NIP)	Issuance of accounting documents, tax settlements	Legal obligation (Article 6(1)(c) of the GDPR)	Accounting office, tax	Period required by tax law (e.g. 5 years)
IP address, login details, device/browser	Ensuring security, preventing abuse, traffic	Legitimate interest of the Administrator (Article 6(1)(f) of the GDPR)	Hosting providers, IT service providers, analytics	Period necessary for safety analysis (e.g. several months to 1-2 years)
Cookies/analytics technologies (anonymized/pseudonymized)	Traffic analysis, statistics, content personalization, marketing	Your consent (Article 6(1)(a)) or – in certain situations – legitimate interest ((f))	Providers of analytical tools (e.g. Google Analytics), providers of cookie	Depending on the type of cookies (e.g. until the withdrawal of consent or a set deadline)

3. Consents and withdrawal of consent

Where data processing is based on consent (e.g. marketing, newsletter), you can withdraw your consent at any time. The revocation does not affect the lawfulness of the processing that took place before the withdrawal of consent.
Withdrawal of consent may be made by:
- clicking on the unsubscribe link in the newsletter,
- sending an email to kontakt@bezcieniowa.pl,
- other mechanisms provided for on the Website.

4. Data sharing and transfer outside the EEA (European Economic Area)

Users’ data may be made available to cooperating entities (e.g. courier companies, payment operators, IT service providers, accounting offices) only to the extent necessary to achieve a given purpose.
If the data is to be transferred outside the EEA (e.g. cloud services from outside the EU), the Controller will ensure appropriate safeguards (e.g. standard contractual clauses, decisions stating the appropriate level of protection, user consents).
You will be informed of such transfers, their purpose, and the risks and safeguards in place.

5. Rights of data subjects

Persons whose data are processed have the right to:

access to your data,
rectification of data,
erasure of data (unless there are other legal grounds for further processing),
restriction of processing,
data portability (if the processing is carried out by automated means on the basis of a contract or consent),
object to processing (when the processing is based on the legitimate interest of the Administrator),
withdraw consent (if the processing is based on consent),
filing a complaint with the supervisory authority (in Poland: the President of the Personal Data Protection Office).

If a person whose data has been disclosed to other recipients requests deletion or restriction of processing, the Administrator will inform these recipients – unless it is impossible or would require excessive effort.

6. Data retention period

The data will be stored:

for the period of implementation of the purpose for which they were collected (e.g. performance of a contract, customer service),
for the time required by law (e.g. tax regulations, archiving),
until the withdrawal of consent (for data processed on the basis of consent),
Technical data/logs – for the period necessary to ensure security (e.g. several months to 1-2 years).

After these periods, the data will be deleted or anonymized (if possible).

7. Security measures

The Administrator applies technical and organizational measures adequate to the risk, including:

transmission encryption (TLS/SSL),
protection of access to systems (strong passwords, roles and permissions),
regular backups and emergency procedures,
restricting access to data to authorized persons,
data processing entrustment agreements with processors,
audits, monitoring and risk assessments,
ensuring the confidentiality of data processors.

8. Cookies and Tracking Technologies

The Website uses cookies and similar technologies (e.g. localStorage, beacons) to:
- maintaining user sessions,
- remembering preferences,
- analyze traffic and statistics,
- marketing and remarketing activities,
- personalization of content and advertising.
Cookies can be own (Bezcieniowa.pl) or external (e.g. Google Analytics, marketing tools).
Upon first access, the user can consent to the use of cookies (especially marketing/analytical).
The User can change the cookie settings in their browser (block, delete).
Details on the type of cookies, their purposes, storage period and how to opt-out are included in the Cookies Policy (or in an appendix/separate section of the Website).

9. Profiling / automated decision-making

If Bezcieniowa.pl uses profiling or other automated decision-making (e.g., marketing segmentation, recommendations), this policy should describe:

the purpose of profiling,
the categories of data used in profiling,
possible consequences for the user,
your rights (e.g. the right to request human intervention, clarification of a decision, objection).

If you don’t currently use such mechanisms, you can add a notation:

“We do not use profiling or automated decision-making that leads to legal effects or significantly affects you.”

10. Changes to the Privacy Policy

The Administrator reserves the right to make changes to this Policy (e.g. due to technological changes, expansion of business, legal changes).
Users will be informed about significant changes – e.g. by means of a message on the Website, e-mail notification (if applicable).
The new version of the Policy will be marked with the date of update and published on the Website.
For changes that extend the scope or manner of data processing, it may be necessary to obtain consent from users again.

11. Final provisions

If any of the provisions of the Policy conflict with applicable law, the law shall prevail.
If a part of the Policy becomes invalid or ineffective, the remaining provisions are not affected.
The Policy is effective from the date of its publication on the Website and remains in force until changed.