I. General Information
This Policy has been issued by the Personal Data Controller – Optimum Process Spółka z ograniczoną odpowiedzialnością with its registered office in Poland, in Warsaw (02-222), al. Jerozolimskie 181B, NIP 5213786607, KRS 0000684901, REGON 367693875 and is addressed to all users (hereinafter: the “Users”) of the website www.celebrio.app and the application https://online.celebrio.app/ (hereinafter: the “Website”).
This Policy may be changed and updated in order to account for changes in the Administrator’s practices related to the Processing of Personal Data or changes in the provisions of generally applicable law. We encourage you to read this Policy carefully and to check it regularly for any changes that the Administrator may introduce in accordance with the provisions of this Policy.

II. Processing of Users’ Personal Data
We assume no responsibility for any photos/videos/media uploaded to your account. It is your responsibility to ensure that all media uploaded to your digital wall/shared album are safe, appropriate, and lawful, and that they do not infringe any trademarks.

Acquisition of Personal Data: The Administrator may acquire Users’ Personal Data such as: first name, last name, email address, phone number. The Administrator may acquire Users’ Personal Data, in particular, in the following cases:

• when Users provide their Personal Data (e.g., via email, telephone, contact form, or in any other way).
• when Users’ Personal Data is obtained as a result of conducting business relations / entering into or performing a contract – fees for using the Service https://online.celebrio.app/
• when Users’ Personal Data is obtained or when Users are asked to provide their Personal Data during visits to the Administrator’s websites or when using any features or resources available on or through the Website. When Users visit the Website, Users’ devices and browsers may automatically provide certain information (such as device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connecting to the Website, and other technical information regarding communication), some of which may constitute Personal Data. When visiting the Website, no Users’ Personal Data will be stored by the Administrator without the Users’ prior, explicit consent. However, the temporary storage of log files and cookies facilitates the use of our Website. For this reason, Users are asked to give their consent on our Website. Providing the above-mentioned consent is optional and does not affect the ability to use the Website. In some cases, without such consent, the ability to use our Website may be somewhat limited.

Processed Personal Data: The categories of Users’ Personal Data processed by the Administrator may include:

• Personal details: first name(s), last name(s),
• Contact details: phone number, email address,
• Payment data: bank account number, name and surname of the bank account holder, credit card number,
• Contents of communications: messages stored in the Service only to the extent necessary for their secure storage by the User.

Processing of personal data on social media: The Administrator may use fanpage-type profiles on social media platforms. Public data provided by social media users may be used for the purpose of:

• responding to private messages addressed to us,
• conducting discussions in the form of comments under individual posts,
• sharing our posts with people following our Fanpage,
• marketing aimed at informing about our services and about us through posts that we publish on our Fanpage, including sponsored posts that are displayed to a wider audience,
• statistical purposes consisting in presenting data on views of our posts, their reach, the number of interactions, and demographic data of our followers; the data presented to us by social media platform owners are statistical data, but they are created based on those companies’ observation of your behavior on our Fanpage.

Legal bases for the Processing of Personal Data: When Processing Users’ Personal Data for the purposes indicated in this Policy, the Administrator may rely on one or more of the following legal bases, depending on the circumstances:

• Processing is based on the prior voluntary, specific, informed, and unambiguous consent of the User to the Processing;
• Processing is necessary for the performance of a contract that the User has concluded or intends to conclude with the Administrator;
• Processing is necessary to fulfill a legal obligation incumbent on the Administrator;
• Processing is necessary to protect the vital interests of any natural person;
• Processing is necessary for the management, operation, and promotion of the Administrator’s activities and does not adversely affect the interests or fundamental rights and freedoms of the User.

Purposes of Processing Personal Data: The purposes for which the Administrator may process Users’ Personal Data are as follows:

• Administrator’s Website: operating and managing our Website, presenting its content; publishing advertisements and other promotional and marketing information; communication and contacts with customers and suppliers, as well as potential employees or contractors, through our Website.
• Offering Users the Administrator’s products and services: presenting our Website and other services; communication related to the Administrator’s services.
• Marketing communication: presenting in any form (including email, phone, text message, social media, mail, and personal contact) messages and other information that may interest Users, including distributing newsletters and other commercial information, after obtaining prior consent from Users to receive information in the appropriate manner, based on generally applicable legal provisions.
• Communication and IT operations: managing communication systems, operating for IT security purposes, and conducting IT security audits.
• Financial management: sales, finance, audit, and sales management.
• Improving our products and services: identifying issues with existing products and services; planning improvements to existing products and services; and creating new products and services.

III. Sharing Personal Data with third parties
The Administrator may share Users’ Personal Data with:

• administrative or judicial authorities, upon their request, for the purpose of reporting an actual or suspected violation of applicable law;
• persons conducting audits, lawyers, PR agencies, subject to the confidentiality obligation arising from a contract or binding these entities by law;
• third parties processing data on behalf of the Administrator, regardless of their place of business, in accordance with the requirements set out in this Section III below;
• any entity competent for the purpose of preventing, investigating, detecting, or prosecuting criminal offenses or executing criminal measures, including safeguarding and preventing threats to public security;
• any acquiring entity in the event of a sale or transfer of any organized part of the Administrator or shares in the Administrator’s share capital (including in the event of reorganization, dissolution, or liquidation).

Notwithstanding the above, the Website may use plugins or content presented by third parties. If Users decide to use them, Users’ Personal Data may be shared with third parties or social media platforms. The Administrator hereby recommends that you read the third party’s privacy policy before using its plugins or content.

If we engage a third party to Process Users’ Personal Data, under a data processing agreement concluded with such an entity, the Processor shall be obliged to: (i) Process only the Personal Data specified in the Administrator’s prior written instructions; and (ii) apply all confidentiality and security measures for Personal Data and ensure compliance with all other requirements of generally applicable law.

The entity processing Users’ Personal Data obtained via the Website is Optimum Process Spółka z ograniczoną odpowiedzialnością, which is the creator of this Website. The technical support service related to the use of the Website is provided by Optimum Process Spółka z ograniczoną odpowiedzialnością. This entity stores and processes Users’ Personal Data obtained during the Users’ use of the Website. The Processor ensures the full security of Users’ Personal Data by using appropriate and up-to-date technical and organizational measures. The Processor may not use the Personal Data provided to it by the Administrator for purposes other than those for which it was entrusted by the Administrator.

IV. International transfer of Personal Data
At present, the Administrator does not transfer and does not intend to transfer any Users’ Personal Data to third countries that are not members of the European Union or to international organizations. If such a need arises, this Policy will be modified, and the transfer of Users’ Personal Data may take place only on the basis of standard contractual clauses, which the Administrator will implement before transferring such Personal Data. In this case, Users will have the right to request a copy of the standard contractual clauses used by the Administrator, using the contact details indicated in Section XII below.

V. Data Protection
The Administrator informs that it has implemented appropriate technical and organizational security measures to protect Personal Data, in particular safeguards against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful and unauthorized forms of Processing, in accordance with applicable law. The Administrator is not responsible for any actions or omissions of Users. Users are responsible for ensuring that all Personal Data is transmitted to the Administrator in a secure manner.

VI. Data Accuracy
The Administrator takes all appropriate measures to ensure that:

• Users’ Personal Data processed by the Administrator is accurate and, if necessary, updated; and
• All Users’ Personal Data processed by the Administrator that is inaccurate (having regard to the purpose for which it is processed) is erased or rectified without undue delay.

At any time, the Administrator may ask Users to verify the accuracy of the Personal Data being processed.

VII. Data Minimization
The Administrator takes all appropriate measures to ensure that the scope of Users’ Personal Data it processes is limited to the Personal Data reasonably required for the purposes indicated in this Policy.

VIII. Data Retention
The criteria determining the duration of the period in which the Administrator stores Users’ Personal Data are as follows: The Administrator stores copies of Users’ Personal Data in a form allowing identification only for as long as it is necessary to achieve the purposes indicated in this Policy, unless the provisions of generally applicable law require a longer period of storing Personal Data. In particular, the Administrator may store Users’ Personal Data for the entire period necessary to establish, exercise, or defend legal claims.

IX. Users’ Rights
In accordance with the provisions of the General Data Protection Regulation, with respect to Users’ Personal Data processed by the Administrator, Users have the following rights:

• the right of access to personal data;
• the right to rectify personal data;
• the right to erase personal data;
• the right to restrict the processing of personal data;
• the right to data portability;
• the right to object to the processing of personal data;
• the right not to be subject to a decision based solely on automated processing.

If the Processing of Personal Data is based on the consent given by the Users, Users have the right to withdraw such consent at any time without affecting the lawfulness of the Processing carried out on the basis of consent before its withdrawal.

In the event of improper Processing of Personal Data, Users have the right to lodge a complaint with the national data protection supervisory authority, i.e., the President of the Personal Data Protection Office.

The above does not affect the Users’ rights arising from acts or other provisions of generally applicable law.

To exercise one or more rights, or to inquire about these rights or any other provisions of this Policy or the Processing of Users’ Personal Data, please contact us using the contact details indicated in Section XII below.

X. Cookies
The Administrator uses the following Websites:
https://online.celebrio.app/ and https://celebrio.app

When a user uses the Website, data about the user is automatically collected. This data includes: IP address, domain name, browser type, operating system type. This data may be collected by cookies (so-called “ciasteczka”), by the Google Analytics system, and may be recorded in server logs.

Cookies are small text files sent to the user’s computer or other end device when browsing the Website. Cookies remember the user’s preferences, which makes it possible to improve the quality of services provided, enhance search results, improve the relevance of displayed information, personalize the Website, and create Website statistics.

The user may opt out of cookies (or set the relevant preferences for their use in the browser) by selecting the appropriate settings in the web browser they use.

The user consents to the storage or access to cookies by the Service Provider by reading the message on the use of cookies during the first visit to the Website and by selecting consent for all cookies or selecting certain cookies. The user may change the way cookies are used at any time via the settings of the browser installed on the user’s device.

The Administrator uses the following types of cookies:

1. Technical cookies – files of key importance, enabling users to navigate the Website and use its features, such as access to secure areas of the Website.
2. Performance cookies – collect information about how users use the Website, which parts of the Website they visit most frequently.
3. Functional cookies – record choices made by users (such as username, language, or the region where users are located).

The data provided by the user or collected automatically is used by the Administrator in order to:

1. ensure the proper functioning, configuration, security, and reliability of the Website,
2. monitor the session status,
3. adjust the displayed information to the user’s preferences,
4. carry out analyses, statistics, research, and audits of the Website’s views.

Any additional questions regarding the use of cookies should be sent to the email address: [email protected]. The rules set out in this Policy are governed by Polish law.

XI. Contact Details
If you have any questions, doubts, or comments regarding the information contained in this Policy or other matters related to the Processing of Users’ Personal Data by the Administrator, including in order to exercise the rights referred to in Section IX of this Policy, please contact us at the following email address: [email protected].

XII. Definitions

1. Administrator means the entity that decides how and for what purposes Personal Data is Processed. The Administrator is responsible for compliance of the Processing with applicable data protection law.
2. Personal Data means any information about any identified natural person or a natural person who can be identified. Examples of Personal Data that the Administrator may process are listed in Section II above.
3. Process, Processing, or Processed means any operation performed on Personal Data, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or making available in any other way, alignment or combination, restriction, erasure, or destruction.
4. Processor means any person or entity that Processes Personal Data on behalf of the Administrator (other than an employee of the Administrator).

‍