- Service - the internet service "nfustudio.com" operating at https://nfustudio.com
- External Service - internet services of partners, service providers, or service recipients cooperating with the Administrator
- Service Administrator / Data Controller - The Service Administrator and Data Controller (hereinafter referred to as the Administrator) is the company "NFU STUDIO Sp. z o.o.", conducting business at the address: ul. Sitnicka 117 21-500 Biała Podlaska, with the assigned tax identification number (NIP): 5372663610, with the assigned National Court Register (KRS) number: 0000956779, providing electronic services through the Service
- User - a natural person for whom the Administrator provides electronic services through the Service.
- Device - an electronic device with software through which the User gains access to the Service
- Cookies - text data collected in the form of files placed on the User's Device
- GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
- Personal Data - means information about an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
- Processing - means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
- Restriction of processing - means the marking of stored personal data with the aim of limiting their processing in the future
- Profiling - means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements
- Consent - means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her
- Personal Data Breach - means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed
- Pseudonymisation - means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person
- Anonymisation - Anonymisation of data is an irreversible process of operations on data that destroys / overwrites "personal data", making identification or association of a given record with a specific user or natural person impossible.
§2 Data Protection Officer
Based on Art. 37 GDPR, the Administrator has not appointed a Data Protection Officer.
In matters related to data processing, including personal data, please contact the Administrator directly.
§3 Types of Cookies
Internal Cookies - files placed and read from the User's Device by the teleinformation system of the Service
External Cookies - files placed and read from the User's Device by the teleinformation systems of external services. Scripts of external services that may place Cookies on the User's Device have been deliberately placed on the Service through scripts and services provided and installed on the Service
Session Cookies - files placed and read from the User's Device by the Service during one session of a given Device. After the session ends, the files are removed from the User's Device.
Permanent Cookies - files placed and read from the User's Device by the Service until they are manually removed. Files are not removed automatically after the end of the Device's session unless the User's Device configuration is set to the mode of deleting Cookies after the end of the session of the Device.
Necessary Cookies - files that enable the use of services available within the Service, e.g. authentication cookies used for services that require authentication within the Service.
Performance Cookies - files that enable the collection of information on how to use the Service's pages.
Functional Cookies - files that enable "remembering" the settings selected by the User and personalizing the User's interface, e.g. in the scope of the selected language or region from which the User comes, font size, appearance of the website, etc.
Advertising Cookies - files that enable users to provide advertising content more tailored to their interests.
§4 External Services
The Administrator informs that they may use external services for the purpose of:
§5 Possibilities to Determine the Terms of Storage and Access to Cookies
The User may at any time independently change the settings for Cookies, specifying the conditions for their storage and access to the User's Device by Cookies. Changes to the settings referred to in the previous sentence can be made by the User using web browser settings or by configuring the service.
These settings can be changed in particular in such a way as to block the automatic handling of Cookies in the web browser settings or inform about their every posting on the User's device. Detailed information about the possibilities and ways of handling Cookies are available in the software (web browser) settings.
The User can delete Cookies at any time using the features available in the web browser they are using.
§6 Server Logs
Information about some of the behaviors of Users are subject to logging in the server layer. This data is used only for the purposes of administering the Service and ensuring the most efficient service of the hosting services provided.
Browsed resources are identified by URLs. In addition, the following may be saved:
- date of request,
- time of reply,
- the name of the client's station - identification carried out by the HTTP protocol,
- information about errors that occurred in the implementation of the HTTP transaction,
- URL address of the page previously visited by the user (referrer link) - in the case when the transition to the Service was made through a link,
- information about the user's browser,
- IP address information.
The data above is not associated with specific people browsing the pages.
The data above is used only for server administration purposes.
§7 Sharing Data
Data may be made available to external entities only within the limits permitted by law.
The administrator may be required to provide information collected by the Service to authorized bodies based on lawful requests to the extent resulting from the request.
§8 Managing Cookies - How to Express and Withdraw Consent
If the User does not want to receive Cookies, they may change the browser settings. We reserve that disabling Cookies necessary for authentication processes, security, maintaining User preferences may make it difficult, and in extreme cases may prevent the User from using the websites.
To manage Cookie settings, select the web browser you use from the list below and follow the instructions:
- Internet Explorer
- Mobile devices: Android, Safari, Windows Phone
§9 Links to Other Websites
The Administrator is not responsible for the privacy practices of websites that are linked to the Service.
§10 Final Provisions
The Administrator uses technical and organizational measures to ensure the protection of processed personal data adequate to the risks and category of data being protected, and in particular protects the data against unauthorized access, takeover by an unauthorized person, processing with a violation of the applicable laws, and against their loss, damage or destruction.
The Administrator provides the following technical measures to prevent the acquisition and modification by unauthorized persons of personal data sent electronically:
- Securing the data set against unauthorized access.
The Administrator shall provide:
- access to the Service with the use of encryption (SSL certificate).
The Administrator shall take all possible measures to identify and counteract threats related to the violation of the security of processed data, in particular threats resulting from the actions of persons unauthorized to process them, as well as shall provide:
- securing the data set against unauthorized access.