Privacy Policy

§1. Personal Data Administrator

  1. The personal data administrator, within the meaning of Article 4, point 7 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), is Izabela Filipowska conducting business under the name Izabela Filipowska DIME QUE SÍ Spanish Academy,  located at ul. Paderewskiego 7, apt. 41, 97-400 Bełchatów, NIP: 7692075778, REGON: 529071039.
  2. The administrator’s email address: dimequesiacademy@gmail.com.
  3. In accordance with Article 32(1) of the GDPR, the administrator observes the principles of personal data protection and applies appropriate technical and organizational measures to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data processed in connection with the conducted business.
  4. Providing personal data by the customer is voluntary but necessary to conclude a contract with the data administrator.
  5. The administrator processes personal data to the extent necessary to fulfill the contract or provide services to the data subject.

§2. Purpose and Basis of Personal Data Processing

The administrator processes personal data for the following purposes:

  1. Preparing a commercial offer in response to customer interest, which is a legitimate interest of the data administrator (Article 6(1)(f) GDPR);
  2. Concluding and performing sales contracts with customers based on the concluded contract (Article 6(1)(b) GDPR);
  3. Providing electronic services via the online store based on the concluded contract (Article 6(1)(b) GDPR);
  4. Handling the complaint process based on the legal obligation of the data administrator in connection with applicable law (Article 6(1)(c) GDPR);
  5. Accounting related to issuing and receiving settlement documents based on tax law provisions (Article 6(1)(c) GDPR);
  6. Archiving data for potential establishment, pursuit, or defense against claims or the need to prove facts, which is a legitimate interest of the data administrator (Article 6(1)(f) GDPR);
  7. Telephone or email contact, especially in response to inquiries directed to the data administrator, which is a legitimate interest of the data administrator (Article 6(1)(f) GDPR);
  8. Sending technical information about the operation of the online store and services used by the customer, which is a legitimate interest of the data administrator (Article 6(1)(f) GDPR);
  9. Marketing, which is a legitimate interest (Article 6(1)(f) GDPR) or based on prior consent (Article 6(1)(a) GDPR).

§3. Data Recipients. Data Transfer to Third Countries

  1. Data recipients processed by the administrator may be entities cooperating with the administrator, if necessary to perform the contract concluded with the data subject, e.g., electronic payment operators or banking institutions handling installment payments.
  2. Data recipients processed by the administrator may also be subcontractors – entities whose services the administrator uses in data processing, e.g., accounting offices, law firms, IT service providers (including hosting services).
  3. The data administrator may be obliged to disclose personal data based on applicable law, especially to authorized public authorities or institutions.
  4. Personal data related to the use of website analysis and tracking tools by the administrator may be transferred to an entity based outside the European Economic Area, e.g., Google LLC. As a proper data protection measure, the data administrator has agreed to standard contractual clauses in accordance with Article 46 of the GDPR with the service providers. More information on this topic is available here: https://commission.europa.eu/law/law-topic/data-protection_en.

§4. Period of Personal Data Storage

  1. The data administrator stores personal data for the duration of the contract concluded with the data subject and after its termination for purposes related to the pursuit of claims related to the contract, fulfillment of obligations under applicable law, but no longer than the limitation period in accordance with the Civil Code provisions.
  2. The data administrator stores personal data contained in settlement documents for the period specified by tax law.
  3. The data administrator stores personal data processed for marketing purposes for up to 10 years but no longer than until the consent for data processing is withdrawn or an objection to data processing is raised.
  4. The data administrator stores personal data for purposes other than those specified in points 1-3 for one year, unless consent to data processing is withdrawn earlier, and data processing cannot continue on a basis other than the consent of the data subject.

§5. Rights of the Data Subject

  1. Every data subject has the right to:
  1. Access – obtain confirmation from the administrator whether their personal data is being processed. If data about a person is processed, they are entitled to access it and obtain the following information: processing purposes, categories of personal data, information about recipients or categories of recipients to whom the data has been or will be disclosed, the period of data storage or criteria for its determination, the right to request rectification, deletion, or restriction of personal data processing, and to object to such processing (Article 15 GDPR);
  2. Obtain a copy of the data – obtain a copy of the data being processed, with the first copy being free of charge, and for additional copies, the administrator may charge a reasonable fee based on administrative costs (Article 15(3) GDPR);
  3. Rectification – request the rectification of their personal data that is inaccurate or incomplete (Article 16 GDPR);
  4. Deletion – request the deletion of their personal data if the administrator no longer has a legal basis for processing it or the data is no longer necessary for processing purposes (Article 17 GDPR);
  5. Restriction of processing – request the restriction of personal data processing (Article 18 GDPR) if:
  • the accuracy of the personal data is contested by the data subject – for a period allowing the administrator to verify the accuracy of the data,
  • the processing is unlawful, and the data subject opposes the deletion of the personal data and requests the restriction of its use instead,
  • the administrator no longer needs the personal data but they are required by the data subject for the establishment, exercise, or defense of legal claims,
  • the data subject has objected to processing pending the verification whether the legitimate grounds of the administrator override those of the data subject;
  1. Data portability – receive in a structured, commonly used, and machine-readable format the personal data concerning them that they have provided to an administrator and have the right to transmit those data to another administrator, where the processing is based on consent or on a contract and the processing is carried out by automated means (Article 20 GDPR);
  2. Object – object to the processing of their personal data for legitimate purposes of the administrator for reasons related to their particular situation, including profiling. In such a case, the administrator assesses the existence of valid legitimate grounds for processing, overriding the interests, rights, and freedoms of the data subject, or grounds for establishing, pursuing, or defending claims. If, according to the assessment, the interests of the data subject outweigh the interests of the administrator, the administrator will be obliged to stop processing the data for these purposes (Article 21 GDPR).
  1. To exercise the above rights, the data subject should contact the administrator using the provided contact details and inform them which right and to what extent they wish to exercise.
  2. The data subject has the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office in Warsaw.

§6. Profiling

  1. Personal data obtained by the data administrator may be processed automatically, including profiling. Profiling of personal data by the data administrator involves assessing selected information about the data subject for the purposes of analyzing and predicting personal preferences and interests, especially to provide the data subject with personalized offers.
  2. Automated data processing by the data administrator does not have any legal effects for the data subject. The data subject may object to automated data processing at any time.

§7. Social Plugins

  1. The administrator uses plugins directing to social media portals on the website. These plugins are marked with the logo of the respective social media service.
  2. Data is transmitted to social media portals only when the user actively clicks on the appropriate plugin button. After pressing the plugin icon, the web browser will start connecting to the servers of the respective social media portal, and the user will be redirected to the external service provider’s website, i.e., the owner of the respective social media service, and the user’s web browser will establish a direct connection with the servers of these social media services. Using these functions may involve the use of external cookies. From the moment of clicking the plugin button, personal data is processed on the respective social media portal, and the owner of the social media portal becomes a joint administrator of personal data. The administrator informs that from the moment of actively clicking on the plugin button, the administrator has no influence on the nature and scope of personal data collected by the respective social media portal.
  3. Data is transmitted regardless of whether the user has an account on the respective social media portal or is logged in. If the user is logged in on the respective social media platform, the collected personal data will be directly assigned to the account (profile) used by the user.
  4. For more information on the purpose and scope of personal data collection, including the principles of processing by the service provider, refer to the privacy policies of these providers.

§8. Google Analytics

  1. The administrator uses Google Analytics, a web analytics service provided by Google Inc., based in the USA.
  2. Google Analytics uses cookies to analyze the use of the website by the user. Information generated by cookies about the use of the website by the user is generally transmitted to and stored on a Google server in the USA.
  3. The administrator has activated IP anonymization on this website. Consequently, within the Member States of the European Union or other parties to the Agreement on the European Economic Area, the user’s IP address will be shortened. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
  4. Google will use this information on behalf of the administrator to evaluate the use of the website by the user, to compile reports on website activity, and to provide other services relating to website activity and internet usage to the website operator.
  5. The IP address transmitted by the user’s browser as part of Google Analytics will not be associated with any other data held by Google.
  6. The user can prevent the storage of cookies by selecting the appropriate settings on their browser. However, the administrator points out that in such a case, the user may not be able to use the full functionality of this website.
  7. Additionally, the user can prevent Google from collecting and processing data generated by cookies and related to their use of the website (including IP address) by downloading and installing the browser plugin available at the following link: link.
  8. More information on data processing within Google Analytics is available in Google’s privacy policy: link.

§9. Changes to the Privacy Policy

  1. The administrator reserves the right to make changes to this privacy policy. Changes may result from the need to adapt to new legal regulations, technological changes, or changes in the way the website operates.
  2. Users will be informed about changes to the privacy policy through a notice on the website or via email, if they have provided their email address for this purpose.
  3. The updated privacy policy will be available on the website.

§10. Contact

For any questions or concerns regarding this privacy policy or the processing of personal data, please contact the administrator using the provided contact details.

This privacy policy is effective as of July 25, 2024.

Shopping Cart
Scroll to Top