1. General information
- This policy applies to the Website operating at the URL address: https://lugaah.us/
- The Website operator and personal data Controller is: Lugaah Sp. z o.o. Władysława Łokietka 35, 64-840 Budzyń, PL
- The operator’s contact e-mail address is: firstname.lastname@example.org
The operator is the Controller of your personal data, in relation to the data provided voluntarily on the Website.
- The Website uses personal data for the following purposes:
- Handling a comment system
- Presentation of the offer or information
- The Website gathers information about users and their behaviour in the following ways:
- Through data voluntarily entered in forms that are entered into the Operator’s systems.
- By storing the so called cookies on user’s terminal devices.
2. Selected methods of data protection used by the Operator
- The places of logging in and entering personal data are protected in the transmission layer (SSL certificate). Thanks to this, personal data and login data entered on the website are encrypted on the user’s computer and can be read only on the target server.
- User passwords are stored in a hash form. The hash function works one-way – it is not possible to reverse its operation, which is now a modern standard in terms of storing user passwords.
- The Website uses two-factor authentication, which is an additional form of protection for logging into the Website.
- The Operator periodically changes its administrative passwords.
In order to protect data, the Operator regularly makes backup copies.
- The Website is hosted (technically maintained) on the operator’s server: linuxpl.com
- Registration data of the hosting company: H88 S.A. with its registered office in Poznań, Franklin Roosevelt 22, 60-829 Poznań, entered into the National Court Register by the District Court Poznań – Nowe Miasto and Wilda in Poznań, VIII Commercial Department of the National Court Register under the number KRS 0000612359, REGON 364261632, NIP 7822622168, share capital PLN 210,000.00 fully paid up.
- Hosting company:
- uses measures to protect against data loss (e.g. disk arrays, regular backups),
- uses adequate measures to protect processing locations in the event of a fire (e.g. special fire extinguishing systems),
- uses adequate measures to protect processing systems in the event of a sudden power failure (e.g. dual power lines, generators, UPS voltage support systems),
- uses physical security measures to protect access to data processing sites (e.g. access control, monitoring),
- uses measures to ensure appropriate environmental conditions for servers as elements of the data processing system (e.g. control of environmental conditions, specialised air conditioning systems),
- uses organisational solutions to ensure the highest possible level of protection and confidentiality (training, internal regulations, password policies, etc.),
- appointed a Data Protection Officer.
- The hosting company maintains server-level logs to ensure technical reliability. Recorded may be:
- resources specified by URL identifier (addresses of requested resources – pages, files),
- query arrival time,
- response sending time,
- name of the client’s station – identification carried out via HTTP Protocol,
- information about errors that occurred during the execution of HTTP transaction,
- URL address of the website previously visited by the user (referrer link) – in case the Website was accessed through a link,
- information about the user’s browser,
- information about the IP address,
- diagnostic information related to the process of ordering services independently via loggers on the website,
- information related to the handling of electronic mail addressed to the Operator and sent by the Operator.
4. Your rights and additional information on the ways the data is used
- In some situations, the Controller has the right to transfer your personal data to other recipients if it is necessary to perform the contract concluded with you or to fulfil the Controller’s obligations. This applies to such groups of recipients as:
- persons authorised by us, employees and associates who must have access to personal data in order to perform their duties,
- hosting company,
- companies that handle mailings,
- companies that handle SMS alerts,
- companies, with which the Controller cooperates in terms of own marketing,
- law firms and debt collectors,
- payment operators,
- public authorities.
- Your personal data is processed by the Controller for no longer than necessary to perform related activities specified in separate regulations (e.g. on accounting). With regard to marketing data, the data will not be processed for more than 3 years.
- You have the right to request from the Controller:
- access to your personal data, their rectification, deletion, restriction of processing and transfer of data.
- You have the right to object to the processing indicated in point 3.3 c) to the processing of personal data for the purpose of exercising legally justified interests pursued by the Controller, including profiling, however, the right to object cannot be exercised if there are valid legitimate grounds for the processing of interests, rights and freedoms overriding you, in particular the establishment, exercise or defence of claims.
- The Controller’s actions may be appealed to the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw.
- Providing personal data is voluntary, but necessary to operate the Website.
- In relation to you, actions may be taken involving automated decision making, including profiling to provide services under the concluded contract and for direct marketing by the Controller.
- Personal data is not transferred from third countries within the meaning of the provisions on the protection of personal data. This means that we do not send them outside the European Union.
5. Information in forms
- The Website collects information provided voluntarily by the user, including personal data, if they are provided.
- The website can also store information about the connection parameters (time, IP address).
- In some cases, the website may save information that makes it easier to link data in the form to the email address of the user completing the form. In this case, the user’s email address appears inside the URL of the page containing the form.
- The data provided in this form are processed in the order resulting from the function of a particular form, for example in order to make the process of handling a service request or a business contact. Each time the context and description of the form clearly informs what it is used for.
6. Administrator logs
- Information on user behaviour on the website may be subject to logging in. This data is used to administer the website.
7. Important marketing techniques
8. Information about cookies
- The so-called cookies are IT data, in particular text files, which are stored on the Website User’s end device and are designed to use the pages offered by the Website. Cookies usually contain the name of the website from which they originate, their storage time on the user’s end device, as well as a unique number.
- The Website Operator is the entity that uploads the cookies on the Website User’s end device as well as the one that has access to it.
- Cookies are used for the following purposes:
- maintenance of the Website User’s session (after logging in) to allow the user to use the Website without re-typing his/her login and password;
- achieving the objectives set out above in the section “Important marketing techniques”;
- The Website uses two basic kinds of cookie files: session cookies and persistent cookies. Session cookies are temporary files that are stored in the User’s end device until logging out, closing the website or closing the software (web browser). Persistent cookies are stored in the User’s end device for a period defined in the cookie file parameters or until they are deleted by the User.
- Software for browsing websites (internet browser) usually allows for storing cookies on the User’s end device by default. The Website Users may introduce changes of settings in this regard. The web browser allows for deleting the cookies. It is also possible to block cookies automatically. Detailed information on this topic can be found in the help section or in the internet browser documentation.
- Cookies placed on the Website User’s end device may also be used by entities cooperating with the Website operator, in particular the companies: Google (Google Inc. with its registered office in the USA), Facebook (Facebook Inc. with its registered office in the USA), Twitter (Twitter Inc. with its registered office in the USA).
9. Cookies management – how to grant and withdraw consent in practice?
- If the user does not want to receive cookie files, they can change the browser’s settings. We reserve that disabling the cookie file support necessary for the process of authentication, safety, maintenance of user preferences may hinder, or in extreme cases make it impossible to use websites.
- To manage cookie settings, select the web browser you use from the list below and follow the instructions: