§1 Personal data administration

1. The administrator of personal data is MAGDALENA OGŁUSZKA, conducting business activity under the name Chartist MAGDALENA OGŁUSZKA, Żabczanka 14B, 97-420 Żabczanka. The company is registered in the Central Register and Information on Business Activity under the number NIP: 7692238306, REGON 388034410.

2. Contact with the person supervising the processing of personal data in the organization is possible electronically at the e-mail address: MEG@HARMONIADOM.COM or phone number 697 024 757.

3. This Policy contains rules regarding the processing of personal data by the Administrator on the Website, including the basis, purposes and scope of personal data processing and the rights of data subjects.

4. Personal data are processed by the Administrator in accordance with applicable legal provisions, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679.

5. The User’s rights are not absolute and do not apply to all personal data processing activities.

§2 Definitions

1. Administrator – MAGDALENA OGŁUSZKA, with the company registered by name Chartist MAGDALENA OGŁUSZKA, Żabczanka 14B, 97-420 Żabczanka. The company is registered in the Central Register and Information on Business Activity under the number NIP: 7692238306, REGON 388034410.

2. Personal data – information about a natural person identified or identifiable through one or more specific factors determining their physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, internet identifier and information collected through cookies and other similar technologies.

3. Policy – ​​this Privacy Policy.

4. GDPR / GDPR Regulation – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

5. Website – the website run by the Administrator at the address https://www.harmoniadom.com.

6. User – any natural person visiting the Website or using one or more services or functionalities described in the Policy.

§3 Safety

1. The Administrator has implemented appropriate technical and organizational measures to ensure the security of personal data processing, and in particular is responsible and ensures that the data collected by him are:

   • processed in accordance with the law;

   • collected for specified, lawful purposes and not subject to further processing incompatible with those purposes;

   • factually correct and adequate in relation to the purposes for which they are processed;

   • stored in a form which enables identification of data subjects for no longer than is necessary to achieve the purpose of processing, and

   • processed in a way that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organisational measures.

   • the user can learn how their data is processed on external services such as Squarespace and Lodgify on the websites:

     • https://www.squarespace.com/privacy

     • https://www.lodgify.com/privacy/

§4 Purposes and legal basis of data processing

1. Pursuant to Article 6(1)(a) of the GDPR Regulation (consent), personal data will be processed for the purposes of:

   • marketing of products and services of the Administrator and the Administrator’s partners,

   • sending the Newsletter,

   • moderation of content on the Website,

   • saving data in cookies, as well as using cookies for the proper functioning of the Service,

   • giving opinions about a product or service,

   • participating in a webinar or online training,

   • contact via distance communication tools, in particular: telephone, email or application.

2. Pursuant to Article 6(1)(b) of the GDPR Regulation (performance of the contract), daily data will be processed for the purposes:

   • Execution of a sales contract or a contract for the provision of a Service or taking action at the request of the data subject before or after the conclusion of the indicated contract, in particular: the right to warranty, consideration of a complaint or withdrawal from a contract concluded at a distance

   • Pursuant to Article 6 paragraph 1 letter c) of the GDPR Regulation (legal obligation incumbent on the Administrator), daily data will be processed for the purposes of:

   • Issuing and storing invoices, bills or fulfilling other obligations resulting from tax and accounting regulations (archiving obligation regarding accounting documents).

   • Creation of registers and other documentation required by the provisions of the GDPR.

3. Pursuant to Article 6 paragraph 1 letter f) of the GDPR Regulation (legitimate interest of the Administrator), daily data will be processed for the purposes:

   • Proper performance of the contract, will be processed for the duration of the contract and the rights arising from it, e.g. the right to complain. Providing data is voluntary, but necessary.

   • Safeguarding the security of the Service, management of the Service and its proper operation.

   • Conducting statistics and analysis of traffic on the Website via Squarespace and Google Analytics.

   • Direct marketing.

   • Determining claims made by or against the Administrator.

   • Contact with the User.

   • Service support https://www.harmoniadom.com.

   • Maintaining accounts on Facebook, Instagram, LinkedIn and interacting with Users of the indicated portals.

   • Data may be transferred to the following recipients or categories of recipients of personal data, i.e. courier companies, postal operators, law firms, accounting firms, suppliers and service providers of IT services.

§5 Profiling

1. The GDPR Regulation imposes on the Controller the obligation to inform about automated decision-making, including profiling, referred to in Article 22 paragraphs 1 and 4 of the GDPR Regulation, and – at least in these cases – relevant information about the principles of their making, as well as the significance and foreseeable consequences of such processing for the data subject. With this in mind, the Controller provides information on possible profiling in this point of the privacy policy.

2. The Administrator may use profiling on the Website for marketing purposes using personal data provided by the User.

3. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or significantly affects him or her in a similar manner.

§6 The period of processing of Personal Data

1. The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, data is processed for the duration of the service, until the consent is withdrawn or an effective objection is raised to data processing in cases where the legal basis for data processing is the legitimate interest of the Administrator.

2. The data processing period may be extended if processing is necessary to establish and pursue potential claims or defend against claims, and after that time only if and to the extent required by law. After the processing period, the data is irreversibly deleted or anonymized.

§7 User rights

1. The User has the following rights in relation to his/her personal data:

   • access to your personal data,

   • rectify your personal data at any time,

   • deletion of your personal data at any time,

   • receive a copy of your data,

   • restrictions on the processing of personal data,

   • object to the processing of personal data,

   • transfer of personal data,

   • withdrawal of consent; withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal,

   • object to the processing of personal data based on the legitimate interest of the Administrator for marketing purposes, direct marketing and non-marketing purposes,

   • to lodge a complaint with the supervisory authority.

§8 Recipients of personal data

1. In order to properly run the Website, the Administrator transfers the User's personal data to other external entities, in particular: reservation systems, hosting company, Squarespace, payment operators, banks.

2. The Administrator reserves the right to disclose personal data when this is required by applicable law, including the obligation to provide information to the relevant administrative or law enforcement authorities.

§9 Transfer of personal data outside the EEA

1. The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller transfers Personal Data outside the EEA only when necessary, in particular when using the services of an international entity. However, it always ensures an adequate level of protection, primarily through:

   • cooperation with entities processing Personal Data in countries for which an appropriate decision of the European Commission has been issued regarding the assurance of an adequate level of protection of Personal Data;

   • application of binding corporate rules approved by international certification standards and the relevant supervisory authority;

   • use of standard contractual clauses issued by the European Commission under Article 46 of the GDPR.

   • Personal data may also be transferred outside the EEA based on the User's consent. The User is informed of this event in advance.

§10 Personal Data Security

1. The Administrator conducts ongoing risk analysis to ensure that Personal Data is processed by him in a secure manner. Through his actions, he ensures, first and foremost, that only authorized persons have access to the data and only to the extent necessary for the tasks they perform.

2. The Administrator is obliged to take all actions permitted by law to ensure that all operations on Personal Data are recorded and performed only by an authorized entity.

3. The Administrator is also obliged to ensure that other entities cooperating with the Administrator guarantee the application of appropriate security measures whenever they process Personal Data on behalf of the Administrator.

§11 Changes to Privacy Policy

1. The policy is constantly reviewed and updated.

2. The current version of the Policy has been adopted and is effective from 2024-08-31.