Back

Privacy Policy

The following Privacy Policy defines the rules for storing and accessing data on the Devices of Users utilizing the Service to provide electronic services by the Administrator, as well as the rules for collecting and processing personal data of Users that they have personally and voluntarily provided through tools available in the Service.

The following Privacy Policy is an integral part of the Terms of Service, which define the rules, rights, and obligations of Users utilizing the Service.

§1 Definitions

Service – the “egzooedu.eu” online service operating at https://egzooedu.eu
External Service – websites of partners, service providers, or recipients collaborating with the Administrator
Service/Data Administrator – the Administrator of the Service and Data (hereafter referred to as the Administrator) is the company “Egzoovet lek. wet. Przemysław Łuczak,” located at ul. Lipowa 3, 87-800 Włocławek, Poland, with Tax Identification Number (NIP): 8882912278, providing electronic services via the Service.
User – a natural person for whom the Administrator provides electronic services via the Service.
Device – an electronic device with software enabling the User to access the Service.
Cookies – text data collected in the form of files placed on the User’s Device.
GDPR – Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation).
Personal Data – information about an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
Processing – any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction.
Restriction of Processing – marking stored personal data to limit its future processing.
Profiling – any form of automated processing of personal data involving the use of personal data to evaluate certain personal aspects of a natural person, particularly to analyze or predict aspects concerning the natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
Consent – the data subject’s freely given, specific, informed, and unambiguous indication of their wishes by which they, through a statement or clear affirmative action, signify agreement to the processing of personal data relating to them.
Personal Data Breach – a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.
Pseudonymization – the processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without additional information, provided such additional information is kept separately and is subject to technical and organizational measures ensuring non-attribution to an identified or identifiable natural person.
Anonymization – an irreversible process in which personal data is manipulated in such a way that it cannot be linked or attributed to an identified or identifiable natural person.

§2 Data Protection Officer

Pursuant to Article 37 of GDPR, the Administrator has not appointed a Data Protection Officer. For matters concerning data processing, including personal data, Users should contact the Administrator directly.

§3 Types of Cookies

Internal Cookies – files placed and read from the User’s Device by the Service’s IT system.
External Cookies – files placed and read from the User’s Device by external services’ IT systems. The scripts of such external services, integrated with the Service, may place Cookies on the User’s Device.
Session Cookies – files placed and read from the User’s Device by the Service during a single session. These files are deleted after the session ends.
Persistent Cookies – files placed and read from the User’s Device by the Service until manually deleted. These files are not deleted automatically after the session ends unless the Device is configured to clear Cookies after session termination.

§4 Data Security

Mechanisms for storing and reading Cookies – Mechanisms for storing, reading, and exchanging data between Cookies stored on the User’s Device and the Service are implemented using built-in browser functionalities. These mechanisms ensure that other data from the User’s Device or other websites visited by the User, including personal and confidential information, cannot be accessed. Transferring viruses, trojans, or other malware to the User’s Device is virtually impossible.
Internal Cookies – Cookies applied by the Administrator are secure for Users and their Devices and do not contain scripts, content, or information that could endanger the security of personal data or the User’s Device.
External Cookies – The Administrator takes all possible measures to verify and select the Service’s partners in the context of User safety. However, the Administrator does not have full control over the content of Cookies originating from external partners. The Administrator is not responsible for the security of Cookies, their content, or their use in accordance with the license by scripts installed on the Service from external services to the extent permitted by law. The list of partners is included later in this Privacy Policy.

§5 Purposes for Using Cookies

Cookies are utilized for purposes such as:

  • Improving and facilitating access to the Service.

  • Personalizing the Service for Users.

  • Enabling login to the Service.

  • Marketing and remarketing in external services.

  • Conducting statistics (e.g., users, number of visits, device types, connections, etc.).

  • Providing multimedia services.

  • Offering social media services.

§6 Purposes for Processing Personal Data

Personal data voluntarily submitted by Users is processed for purposes such as:

  • Providing electronic services:

    • User account registration and maintenance, including related functionalities.

    • Newsletter service (including sending advertising content with consent).

    • Commenting/liking posts in the Service without registration.

    • Sharing information from the Service on social media or other websites.

    • Communication between the Administrator and Users regarding the Service and data protection.

  • Ensuring the Administrator’s legitimate interests.

Anonymized and automatically collected User data is processed for purposes such as:

  • Conducting statistics.

  • Remarketing.

  • Ensuring the Administrator’s legitimate interests.

§7 Cookies of External Services

The Administrator uses JavaScript scripts and web components from partners on the Service, which may place their own cookies on the User’s Device. Remember, you can decide on allowed cookies for specific websites through your browser settings. Below is a list of partners or their services implemented in the Service that may place cookies:

  • Multimedia services:

    • YouTube

  • Social/Integration services:

    • (Registration, login, content sharing, communication, etc.)

    • Facebook

    • Google+

    • LinkedIn

  • Newsletter services:

    • MailChimp

  • Statistics services:

    • Google Analytics

Services provided by third parties are outside the Administrator’s control. These entities may change their terms of service, privacy policies, purposes for data processing, and ways of using cookies at any time.

§8 Types of Data Collected

The Service collects data about Users. Some data is collected automatically and anonymously, while other data includes personal information voluntarily provided by Users during registration for specific services offered by the Service.

Automatically collected anonymous data:

  • IP address

  • Browser type

  • Screen resolution

  • Approximate location

  • Visited subpages of the Service

  • Time spent on respective subpages of the Service

  • Operating system type

  • Address of the previous subpage

  • Referring page address

  • Browser language

  • Internet connection speed

  • Internet service provider

Data collected during registration:

  • First/last name or pseudonym

  • Username

  • Email address

  • Residential address

  • Phone number

  • IP address (collected automatically)

  • VAT number

Data collected when subscribing to the Newsletter:

  • First/last name or pseudonym

  • Email address

  • IP address (collected automatically)

Data collected when adding a comment:

  • First/last name or pseudonym

  • Email address

  • Website address

  • IP address (collected automatically)

Some data (excluding identifiable information) may be stored in cookies. Some data (excluding identifiable information) may be shared with statistical service providers.

§9 Access to Personal Data by Third Parties

As a rule, the sole recipient of the personal data provided by Users is the Administrator. Data collected in connection with the provided services is not shared or sold to third parties.

Access to data (usually under a Data Processing Agreement) may be granted to entities responsible for maintaining the infrastructure and services necessary to operate the Service, such as:

  • Hosting providers offering hosting or related services to the Administrator

  • Companies providing the Newsletter service

  • Companies facilitating online payments for goods or services offered on the Service (in cases of purchase transactions within the Service)

Delegation of Personal Data Processing – Newsletter

To provide the Newsletter service, the Administrator uses a third-party service—MailChimp. Data entered into the subscription form for the newsletter is transferred, stored, and processed on this external service provider’s platform. Please note that this partner may modify their privacy policy without the Administrator’s consent.

Delegation of Personal Data Processing – Hosting, VPS, or Dedicated Servers

To operate the Service, the Administrator uses external hosting providers, VPS, or dedicated servers—hosting: nazwa.pl. All data collected and processed on the Service is stored and processed within the provider’s infrastructure located in Poland. Access to this data may occur during maintenance work conducted by the provider’s personnel. This access is regulated by an agreement between the Administrator and the provider.

Data Processing for Online Payments

For online payment transactions, all payment data is provided directly by the User to the payment service provider—PayU. Selected data necessary to complete the transaction is subsequently forwarded to the Administrator by this entity. The data transfer is governed by an agreement between the Administrator and the provider.

§10 Personal Data Processing Methods

Personal data voluntarily provided by Users:

  • Personal data will not be transferred outside the European Union unless it has been published as a result of the User’s individual action (e.g., adding a comment or post), making the data accessible to anyone visiting the Service.

  • Personal data will not be used for automated decision-making (profiling).

  • Personal data will not be sold to third parties.

Anonymous data (without personal data) collected automatically:

  • Anonymous data (without personal data) may be transferred outside the European Union.

  • Anonymous data (without personal data) will not be used for automated decision-making (profiling).

  • Anonymous data (without personal data) will not be sold to third parties.


§11 Legal Basis for Processing Personal Data

The Service collects and processes Users’ data based on:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation):

    • Art. 6(1)(a): The data subject has given consent to the processing of their personal data for one or more specific purposes.

    • Art. 6(1)(b): Processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract.

    • Art. 6(1)(f): Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.

  • Act of 10 May 2018 on Personal Data Protection (Journal of Laws 2018, item 1000)

  • Act of 16 July 2004 Telecommunications Law (Journal of Laws 2004, No. 171, item 1800)

  • Act of 4 February 1994 on Copyright and Related Rights (Journal of Laws 1994, No. 24, item 83)

§12 Period of Personal Data Processing

Personal data voluntarily provided by Users:

  • As a rule, the indicated personal data is stored only for the duration of the Service provided by the Administrator. It is deleted or anonymized within 30 days after the termination of the Service (e.g., deletion of a registered user account, unsubscribing from the Newsletter, etc.).

  • An exception applies to situations where it is necessary to secure legally justified purposes for further processing of this data by the Administrator. In such cases, the Administrator will retain the data, upon the User’s request for deletion, for no longer than 3 years in the event of a breach or suspected breach of the Service’s regulations by the User.

Anonymous data (without personal data) collected automatically:

  • Anonymous statistical data, not constituting personal data, is stored by the Administrator for statistical purposes of the Service for an indefinite period.

§13 Users’ Rights Related to Personal Data Processing

Users have the following rights regarding their personal data:

  1. Right of access to personal data:

    • Users have the right to access their personal data upon request to the Administrator.

  2. Right to rectify personal data:

    • Users have the right to request the immediate rectification of inaccurate personal data or to complete incomplete personal data upon request to the Administrator.

  3. Right to delete personal data:

    • Users have the right to request the immediate deletion of their personal data from the Administrator. For user accounts, deletion involves anonymizing data that enables User identification. The Administrator reserves the right to suspend the request for data deletion to protect the Administrator’s legitimate interest (e.g., when the User has breached the Terms or data has been obtained through correspondence).

    • For the Newsletter service, Users can independently delete their personal data by using the link provided in each email.

  4. Right to restrict personal data processing:

    • Users have the right to restrict the processing of their personal data in cases specified in Article 18 of the GDPR, such as contesting the accuracy of personal data, upon request to the Administrator.

  5. Right to data portability:

    • Users have the right to obtain their personal data from the Administrator in a structured, commonly used, and machine-readable format upon request to the Administrator.

  6. Right to object to personal data processing:

    • Users have the right to object to the processing of their personal data in cases specified in Article 21 of the GDPR, upon request to the Administrator.

  7. Right to file a complaint:

    • Users have the right to lodge a complaint with the supervisory authority responsible for personal data protection.

§14 Contact Information for the Administrator

You can contact the Administrator through one of the following methods:

  • Postal address: Egzoovet lek. wet. Przemysław Łuczak, ul. Lipowa 3, 87-800 Włocławek

  • Email address: egzooedu@gmail.com

  • Telephone contact: +48 785 518 821

§15 Service Requirements

  • Limiting the saving and access to cookies on the User’s Device may result in improper functioning of certain Service features.

  • The Administrator is not responsible for the improper functioning of Service features if the User restricts the saving and reading of cookies in any way.

§16 External Links

The Service—within articles, posts, entries, or User comments—may contain links to external websites that the Service Owner does not collaborate with. These links, as well as the sites or files they point to, may pose risks to your Device or the security of your data. The Administrator is not responsible for content found outside the Service.

§17 Changes to the Privacy Policy

  • The Administrator reserves the right to change this Privacy Policy at any time without notifying Users regarding the application and use of anonymous data or cookies.

  • The Administrator reserves the right to change this Privacy Policy regarding the processing of Personal Data, notifying Users with accounts or subscribed to the Newsletter via email within 7 days of the policy update. Continued use of the services indicates acknowledgment and acceptance of the changes to the Privacy Policy. If the User disagrees with the changes, they are obligated to delete their account from the Service or unsubscribe from the Newsletter.

  • Changes to the Privacy Policy will be published on this subpage of the Service.

  • Changes take effect upon publication.