Formal information at the beginning – the website administrator is Marcin Hołda, running a business under the name “Mylean Marcin Hołda”, Wysoka, ul. Konna 5B / 4, 52-200 Wrocław, NIP (VAT): 886-243-71-82.
In case of any doubts related to the privacy policy, you can contact me at any time by sending a message to the address mylean@mylean.pl.
Short version – the most important information
I care about your privacy, but also about your time. That is why I have prepared for you a shortened version of the most important rules related to privacy protection.
- By creating a user account, placing an order, submitting a complaint, withdrawing from the contract, adding a comment, subscribing to the newsletter, signing up for a webinar or simply contacting me, you provide me with your personal data and I guarantee that your data will remain confidential , secure and will not be made available to any third parties without your express consent.
- I entrust the processing of personal data only to verified and trusted entities providing services related to the processing of personal data.
- I use Google Analytics analytical tools that collect information about your website visits, such as the subpages you have displayed, the time you spent on the website or the transitions between individual subpages. For this purpose, Google LLC cookies are used for the Google Analytics service. As part of Google Analytics, I collect demographic data and data about interests. As part of the cookie settings, you can decide whether you consent to the collection of such data about you or not.
- I use marketing tools such as Facebook Pixel to target you personalized Facebook ads. This is related to the use of Facebook cookies. As part of the cookie settings, you can decide whether you consent to my use of Pixel Facebook in your case or not.
- I provide the opportunity to use social functions, such as sharing content on social networks and subscribing to a social profile. The use of these functions may involve the use of cookies of social network administrators such as Facebook, Instagram, YouTube, Twitter, Google+, Pinterest, LinkedIn.
- I embed videos from YouTube and Vimeo on websites. For this purpose, Google LLC cookies are used for the YouTube service and Vimeo Inc. cookies. Cookies are only loaded when the video is played.
- I use my own cookies for the proper functioning of the website.
If the above information is not sufficient for you, you will find further details below.
Personal data
The administrator of your personal data within the meaning of the provisions on the protection of personal data is Marcin Hołda, running a business under the name MyLean Marcin Hołda, Wysoka, ul. Konna 5B / 4, 52-200 Wrocław, NIP (VAT): 886-243-71-82.
The purposes, legal grounds and period of personal data processing are indicated separately for each purpose of data processing (see the description of individual purposes of personal data processing below).
Permissions. The GDPR grants you the following potential rights:
- the right to access personal data,
- the right to rectify personal data,
- the right to delete personal data,
- the right to limit the processing of personal data,
- the right to object to the processing of personal data,
- the right to data portability,
- the right to lodge a complaint with a supervisory authority,
- the right to withdraw consent to the processing of personal data, if you have given such consent.
The rules related to the implementation of the indicated rights are described in detail in Art. 16 – 21 GDPR. I encourage you to read these regulations. For my part, I consider it necessary to explain to you that the above-mentioned rights are not absolute and you will not be entitled to all activities of processing your personal data. For your convenience, I have made every effort to indicate the rights you are entitled to as part of the description of individual data processing operations.
I emphasize that you always have one of the rights indicated above – if you believe that I have breached the provisions on the protection of personal data while processing your personal data, you have the option to lodge a complaint with the supervisory body (the President of the Personal Data Protection Office).
Security. I guarantee the confidentiality of all personal data provided to me. I ensure that all security and personal data protection measures required by the provisions on the protection of personal data are taken. Personal data is collected with due diligence and properly protected against access by unauthorized persons.
Data recipients. Your data may be processed by my subcontractors, i.e. entities whose services I use to process data and provide services to you or fulfill orders in the online store.
- The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA (service called Mailchimp) – to store personal data (newsletter) on the server,
All entities entrusted with the processing of personal data guarantee the application of appropriate measures for the protection and security of personal data required by law.
Processing purposes and activities
Newsletter. If you want to subscribe to the newsletter, you must provide me with your e-mail address via the newsletter subscription form. Providing data is voluntary, but necessary to subscribe to the newsletter.
The data provided to me when subscribing to the newsletter is used to send you the newsletter, and the legal basis for their processing is your consent (Article 6 (1) (a) of the GDPR) expressed when subscribing to the newsletter.
The data will be processed for the duration of the newsletter, unless you unsubscribe earlier, which will delete your data from the database.
You can correct your data stored in the newsletter database at any time, as well as request their removal by resigning from receiving the newsletter. You also have the right to transfer the data referred to in art. 20 GDPR.
E-mail contact. By contacting me via e-mail, including sending an inquiry via the contact form, you naturally provide me with your e-mail address as the sender’s address. In addition, you can also include other personal data in the text of the message. Providing data is voluntary, but necessary to make contact.
In this case, your data is processed in order to contact you, and the basis for processing is art. 6 sec. 1 lit. a GDPR, i.e. your consent resulting from initiating contact with me. The legal basis for processing after the end of contact is the justified purpose of archiving correspondence for internal purposes (Article 6 (1) (c) of the GDPR).
The content of the correspondence may be archived and I am not able to clearly determine when it will be deleted. You have the right to request a history of correspondence with me (if it was subject to archiving), as well as request its removal, unless its archiving is justified due to my overriding interests, e.g. defense against potential claims against Your party.
Shopping in the store. When placing an order in the store, you must provide the data necessary to complete the order, such as name and surname, billing address, e-mail address, telephone number, tax identification number. Providing data is voluntary, but necessary to place an order.
The data provided to us in connection with the order are processed in order to perform the contract concluded by placing an order (Article 6 (1) (b) of the GDPR), issuing an invoice (Article 6 (1) (c) of the GDPR), including the invoice in the documentation accounting (Article 6 (1) (c) of the GDPR) and for archival and statistical purposes, including to identify a returning customer (Article 6 (1) (f) of the GDPR).
Data about orders will be processed for the time necessary to perform the order, and then until the expiry of the limitation period for claims under the contract. In addition, after this deadline, the data may still be processed by us for archival and statistical purposes, in particular to identify the returning customer. Also remember that we are required to store invoices with your personal data for a period of 5 years from the end of the tax year in which the tax obligation arose.
You cannot object to the processing of data and demand the deletion of data until the expiry of the limitation period for claims under the contract. Similarly, you cannot object to the processing of data and request the deletion of data contained in invoices. After the expiry of the limitation period for claims under the contract, you can object to our processing of your data for statistical and archival purposes, as well as request the removal of your data from the database.
User account in the store. When creating a user account in the store, you must provide the data necessary to set up an account, such as e-mail address and password. Providing data is voluntary, but necessary to create an account. As part of editing account details, you can provide your further details.
The data provided in connection with the creation of an account is processed in order to provide you with an electronic service consisting in providing you with the possibility of using the user account. This service is provided on the basis of an agreement concluded on the terms described in the regulations, which means that in this respect the legal basis for the processing of your personal data is art. 6 sec. 1 lit. b GDPR.
You can decide to delete your account at any time, but it will not delete your data from our database, because this data is necessary for us to determine, defend or pursue claims related to the contract for the provision of electronic services.
In addition, your data is stored in the database after deleting your account so that we can identify you as a returning user in the future if you decide to use the store again as a registered user. In this regard, the legal basis for the processing of your personal data is our legitimate interest – art. 6 sec. 1 lit. f GDPR.
As part of the user account, the history of your orders placed using the account is stored. In this regard, the processing of personal data is described in the point above – shopping in the store. The deletion of the user account will not be tantamount to the deletion of information about orders placed using the account, if we still have a legal basis for the processing of this information.
You can modify the data contained in your account at any time.
Complaints and withdrawal from the contract. If you submit a complaint or withdraw from the contract, you provide personal data contained in the content of the complaint or the statement of withdrawal from the contract, which includes your name and surname, address, telephone number, e-mail address, bank account number. Providing data is voluntary, but necessary to submit a complaint or withdraw from the contract.
The data provided in connection with the submission of a complaint or withdrawal from the contract are used to implement the complaint procedure or the procedure for withdrawing from the contract (Article 6 (1) (b) of the GDPR), and then for archival purposes, which is our legitimate interest (Article 6 (1) (f) of the GDPR).
The data will be processed for the time necessary to implement the complaint procedure or the withdrawal procedure. Complaints and statements of withdrawal from the contract may also be archived in order to show the course of the complaint process or withdraw from the contract in the future.
In the case of data contained in complaints and declarations of withdrawal from the contract, you cannot rectify this data. You also cannot object to the processing of data and demand the deletion of data until the expiry of the limitation period for claims under the contract. After the expiry of the limitation period for claims under the contract, you can, however, object to the processing of your data by us, as well as request the removal of your data from the database.
Cookies and other tracking technologies
My website, like almost all other websites, uses cookies.
Cookies are small text information stored on your end device (e.g. computer, tablet, smartphone) that can be read by my ICT system (own cookies) or the ICT system of third parties (third party cookies).
Some of the cookies I use are deleted after the end of the web browser session, i.e. after closing it (so-called session cookies). Other cookies are stored on your end device and allow me to recognize your browser the next time you visit the site (persistent cookies).
See below for more details.
Consent to cookies. During the first visit to the website, you are shown information about the use of cookies. Thanks to a special tool, you can manage cookies from the website level. In addition, you can always change cookie settings from your browser or delete cookies altogether. Browsers manage cookie settings in various ways. In the auxiliary menu of the web browser you will find explanations on how to change cookie settings. Remember that disabling or limiting the use of cookies may cause difficulties in using my websites, as well as from many other websites that use cookies.
Own cookies. I use my own cookies to ensure the proper functioning of the website, in particular the ordering process and logging into the user’s account.
Third party cookies. My website, like most modern websites, uses functions provided by third parties, which involves the use of cookies from third parties. The use of such cookies is described below.
Google Analytics. We use the Google Analytics tool provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. We carry out activities in this area based on our legitimate interest, consisting in the creation of statistics and their analysis in order to optimize our websites.
Google Analytics automatically collects information about your use of our website. The information collected in this way is most often transferred to a Google server in the United States and stored there. User and event data does not expire automatically.
Due to the IP anonymization activated by us, your IP address is shortened before forwarding. Only in exceptional cases is the full IP address transferred to a Google server in the United States and truncated there. The anonymized IP address provided by your browser as part of Google Analytics is, as a rule, not combined with other Google data.
We emphasize that as part of Google Analytics we do not collect any data that would allow your identification. Therefore, the data collected as part of Google Analytics is not personal data. The information we have access to as part of Google Analytics is, in particular:
- information about the operating system and web browser you use,
- subpages that you browse as part of our website,
- time spent on our website and on its subpages,
- transitions between individual subpages within our website,
- the source from which you go to our website.
In addition, as part of Google Analytics, we use the following Advertising Functions:
- demographic and interest reports,
- remarketing,
- advertising reporting functions, user-ID.
As part of the Advertising Functions, we also do not collect personal data. The information we have access to is, in particular:
- the age range you are in,
- Your gender
- Your approximate location limited to the city,
- Your interests based on your online activity.
In order to use Google Analytics, we have implemented a special Google Analytics tracking code in the code of our website. The tracking code uses Google LLC cookies for the Google Analytics service. You can also block the Google Analytics tracking code at any time by installing the browser add-on provided by Google: https://tools.google.com/dlpage/gaoptout.
Google Analytics and Google Analytics 360 services have been certified by the independent security standard ISO 27001. ISO 27001 is one of the most recognized standards in the world and certifies compliance with the relevant requirements by systems that support Google Analytics and Google Analytics 360.
If you are interested in details related to data processing as part of Google Analytics, we encourage you to read the explanations prepared by Google: https://support.google.com/analytics/answer/6004245.
Facebook Pixel. I use marketing tools available on Facebook and provided by Facebook Inc., 1601 S. California Ave. Palo Alto, CA 94304, USA. As part of these tools, I direct you to advertisements on Facebook. I carry out activities in this area based on my legitimate interest in the form of marketing my own products or services.
In order to send you personalized ads in terms of your behavior on my website, I have implemented Facebook Pixel on my pages, which automatically collects information about your use of my website in terms of pages viewed. The information collected in this way is most often transferred to a Facebook server in the United States and stored there.
The information collected as part of Facebook’s Pixel is anonymous, i.e. it does not allow me to identify you. I only know what actions you have taken on my website. However, I would like to inform you that Facebook may combine this information with other information collected about you as part of your use of Facebook and use it for its own purposes, including marketing. Such Facebook activities are no longer dependent on me, and you can search for information about them directly in Facebook’s privacy policy: https://www.facebook.com/privacy/explanation. You can also manage your privacy settings from your Facebook account.
Due to the fact that Facebook Inc. is based in the USA and uses the technical infrastructure located in the USA, joined the EU-US-Privacy Shield program in order to ensure an adequate level of personal data protection required by European regulations. Under the agreement between the US and the European Commission, the latter has established an adequate level of data protection in the case of companies certified by the Privacy Shield.
As part of the cookie settings available on my website, you can decide whether you consent to my use of Pixel Facebook in your case or not.
Social media tools. My websites use plugins and other social tools provided by social networking sites, such as Facebook, Twitter, Instagram, Google, LinkedIN.
By displaying my website containing such a plug-in, your browser will establish a direct connection with the servers of social network administrators (service providers). The content of the plugin is transferred by the given service provider directly to your browser and integrated with the website. Thanks to this integration, service providers receive information that your browser has displayed my website, even if you do not have a profile with a given service provider or are not logged in at the moment. Such information (along with your IP address) is sent by your browser directly to the server of a given service provider (some servers are located in the USA) and stored there.
If you have logged in to one of the social networking sites, this service provider will be able to directly assign a visit to my website to your profile on a given social networking site.
If you use a given plug-in, for example by clicking on the “Like” or “Share” button, the relevant information will also be sent directly to the server of the given service provider and stored there.
In addition, this information will be published on a given social network and will appear to people added as your contacts. The purpose and scope of data collection and their further processing and use by service providers, as well as the possibility of contact and your rights in this regard and the possibility of making settings to protect your privacy are described in the privacy policy of individual service providers.
- Facebook – https://www.facebook.com/legal/FB_Work_Privacy,
- Instagram – https://help.instagram.com/519522125107875?helpref=page_content,
- Twitter – https://twitter.com/en/privacy,
- Google – https://policies.google.com/privacy?hl=pl,
- LinkedIN – https://www.linkedin.com/legal/privacy-policy.
If you do not want social networking sites to assign the data collected during your visit to my website directly to your profile on a given website, you must log out of this website before visiting my website. You can also completely prevent loading of plugins on the website by using appropriate extensions for your browser, e.g. blocking scripts.
Video. I embed videos from YouTube and Vimeo on websites. For this purpose, cookies from Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA regarding the YouTube service and cookies from Vimeo Inc. are used. Cookies are only loaded when the video is played. If you do not agree to their loading, refrain from playing the video
When playing a video, Google or Vimeo receive information about it, even if you do not have a profile with a given service provider or you are not logged in at the moment. Such information (along with your IP address) is sent by your browser directly to the server of a given service provider (some servers are located in the USA) and stored there.
If you have logged in to Google or Vimeo, this service provider will be able to directly assign the video playback on my website to your profile on a given social network. The purpose and scope of data collection and their further processing and use by service providers, as well as the possibility of contact and your rights in this regard and the possibility of making settings to protect your privacy are described in the privacy policy of individual service providers.
If you do not want Google or Vimeo to assign the data collected during video playback on my website directly to your profile on a given website, you must log out of this website before visiting my website. You can also completely prevent loading of plugins on the website by using appropriate extensions for your browser, e.g. blocking scripts.
We encourage you to read the details of Google’s privacy policy (https://policies.google.com/privacy) and Vimeo (https://vimeo.com/privacy).
Server logs
Using the website involves sending queries to the server on which the website is stored. Each query directed to the server is saved in the server logs.
Logs include Your IP address, server date and time, information about the web browser and operating system you use. Logs are saved and stored on the server.
The data stored in the server logs are not associated with specific people using the website and are not used by me to identify you.
The server logs are only auxiliary material used to administer the website, and their content is not disclosed to anyone except those authorized to administer the server.