The following Privacy Policy defines the rules for storing and accessing data on Users’ devices using the Service for the purpose of providing electronic services by the Administrator, as well as the principles of collecting and processing Users’ personal data provided by them personally and voluntarily through tools available on the Service.
The following Privacy Policy is an integral part of the Service Regulations, which define the rules, rights, and obligations of Users using the Service.
Definitions
Service – the website “medium.cba.pl” operating at https://medium.cba.pl/ External service – websites of partners, service providers or recipients cooperating with the Administrator Service Administrator / Data – The Service Administrator and Data Administrator (hereinafter the Administrator) is the company “”. User – a natural person for whom the Administrator provides electronic services through the Service. Device – an electronic device with software through which the User accesses the Service Cookies – text data collected in the form of files placed on the User’s Device GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) Personal data – means information about an identified or identifiable natural person (“person to whom the data relates”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person Processing – means any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;
Restriction of processing – means marking personal data stored in order to limit their future processing Profiling – means any form of automated processing of personal data which involves the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements Consent – consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her Personal data breach – means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed Pseudonymisation – means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Anonymisation – Anonymisation of data is an irreversible process of data operation that destroys/overwrites “personal data,” making identification or linking of a particular record to a specific user or individual impossible.
Data Protection Officer
In accordance with Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer. For matters concerning data processing, including personal data, please contact the Administrator directly.
Types of cookies
Internal cookies – files placed and read from the User’s Device by the teleinformatics system of the Service. External cookies – files placed and read from the User’s Device by the teleinformatics systems of external Services. Scripts of external Services, which may place Cookies files on the User’s Devices, have been consciously placed in the Service through scripts and services provided and installed on the Service. Session cookies – files placed and read from the User’s Device by the Service during one session of the Device. After the session ends, the files are removed from the User’s Device. Persistent cookies – files placed and read from the User’s Device by the Service until they are manually deleted. The files are not automatically removed after the Device session unless the User’s Device configuration is set to delete Cookie files after the Device session ends.
Data Storage Security
Mechanisms of storing and reading Cookie files – The mechanisms of storing, reading, and exchanging data between Cookie files saved on the User’s Device and the Service are carried out through built-in mechanisms of web browsers and do not allow for downloading other data from the User’s Device or data from other websites visited by the User, including personal data or confidential information. Transferring viruses, trojans, and other worms to the User’s Device is also practically impossible. Internal Cookies – the Cookies used by the Administrator are safe for Users’ Devices and do not contain scripts, content, or information that could threaten the security of personal data or the security of the User’s Device. External Cookies – The Administrator takes all possible actions to verify and select service partners in the context of User safety. The Administrator cooperates with well-known, large partners with global social trust. However, the Administrator does not have full control over the content of Cookie files from external partners. The Administrator is not responsible for the security of Cookie files, their content, and their use in accordance with the license by Scripts installed on the service from external Services, to the extent permitted by law. The list of partners is included in the further part of the Privacy Policy.
Cookie Control
The user can at any time independently change the settings regarding the saving, deleting, and access to data stored in Cookie files by any website.
Information on how to disable cookies in the most popular web browsers is available on the website: how to disable cookies or from one of the designated providers.
The user can delete all cookies stored up to this point at any time using the tools of the user’s device through which the user is accessing the services of the website.
User Side Threats – The administrator uses all possible technical means to ensure the security of data placed in Cookie files. However, it should be noted that ensuring the security of this data depends on both sides, including the User’s activities. The administrator is not responsible for the interception of this data, impersonation of the User’s session, or their deletion, due to the intentional or unintentional activities of the User, viruses, trojans, and other spyware that may have infected the User’s Device. Users should adhere to the rules of safe internet use to protect themselves from these threats.
Personal data storage – The administrator ensures that every effort is made to ensure that the personal data voluntarily provided by Users is safe, access to it is limited, and processed in accordance with its purpose and processing goals. The administrator also ensures that every effort is made to secure the data held from loss, by using appropriate physical and organisational safeguards.
Purposes for which cookies are used
Improving and facilitating access to the Service
Personalization of the Service for Users
Marketing, Remarketing on external websites
Ad serving services
Affiliate services
Conducting statistics (users, number of visits, types of devices, connection, etc.)
Serving multimedia services
Provision of social services
Google AdSense adverts
The blog utilises Google AdSense technology, which allows for displaying personalised ads based on the user’s browsing history and interests.
Google uses cookies to provide users with relevant advertisements. Users can opt out of personalised ads by changing their Google ad settings.
More information on Google’s privacy practices and how to disable certain features can be found at: https://policies.google.com/technologies/ads.
Processing of personal data
Personal data voluntarily provided by Users is processed for one of the following purposes:
Implementation of electronic services:
Services of commenting / liking posts on the Website without the need to register
Services of sharing information about content placed on the Website in social media or other websites.
Communication of the Administrator with Users regarding matters related to the Website and data protection
Ensuring the Administrator’s legitimate interest
User data collected anonymously and automatically are processed for one of the following purposes:
Conducting statistics
Conducting statistics
Remarketing
Serving ads tailored to Users’ preferences
Servicing affiliate programs
Ensuring the Administrator’s legitimate interest
Third-party Cookies Files
The Administrator of the Service uses JavaScript scripts and web components from partners, who may place their own cookies on the User’s Device. Remember that in your browser settings, you can decide which cookies are allowed to be used by individual websites. Below is a list of partners or their services implemented in the Service, that may place cookies:
Services provided by third parties are beyond the control of the Administrator. These entities may change their terms of service, privacy policies, purposes of data processing, and methods of using cookies at any time.
Types of collected data
The service collects data about Users. Some data is collected automatically and anonymously, while some data is personal information voluntarily provided by Users when signing up for specific services offered by the Service
Some data (without identifying information) may be stored in cookies. Some data (without identifying information) may be transferred to a statistical service provider.
Access to personal data by third parties
As a rule, the Administrator is the sole recipient of personal data provided by Users. Data collected as part of the services provided are not transferred or sold to third parties.
Access to data (usually based on a Data Processing Agreement) may be held by entities responsible for maintaining the infrastructure and services necessary to run the service, such as:
Hosting companies providing hosting services or related services for the Administrator.
Entrusting personal data processing – Hosting, VPS or Dedicated Server Services
The administrator uses the services of an external hosting provider, VPS or Dedicated Servers – HOSTINGER LIMITED. All data collected and processed on the service is stored and processed in the provider’s infrastructure located within the European Union. There is a possibility of accessing data due to service work carried out by the provider’s staff. Access to this data is governed by an agreement between the Administrator and the Service Provider.
Processing of personal data
Personal data voluntarily provided by Users:
Personal data will not be transferred outside of the European Union, unless it has been published due to the individual actions of the User (e.g. commenting or posting), which will make the data accessible to anyone visiting the website.
Personal data will not be used for automated decision-making (profiling).
Personal data will not be resold to third parties.
Anonymous data (without personal information) collected automatically:
Anonymous data (without personal information) will be transferred outside the European Union. Anonymous data (without personal information) will not be used for automated decision-making (profiling). Anonymous data (without personal information) will not be sold to third parties.
Legal basis for processing personal data
The service collects and processes user data based on:
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
Personal data processing period
As a rule, the personal data provided is stored only for the duration of the Service provided within the Website by the Administrator. They are deleted or anonymised within 30 days from the end of the service provision (e.g. deleting a registered user account, unsubscribing from the Newsletter list, etc.).
An exception is a situation that requires the Administrator to secure legally justified purposes for further processing of this data. In this situation, the Administrator will keep the specified data, from the time of the User’s request for deletion, for no longer than a period of 3 years in case of violation or suspicion of violation of the service regulations by the User.
Anonymous statistical data, not constituting personal data, is stored by the Administrator for the purpose of maintaining website statistics indefinitely.
Users’ rights related to personal data processing
The service collects and processes user data based on:
Right of access to personal data
Users have the right to access their personal data, which is carried out upon request submitted to the Administrator.
The right to rectify personal data
Users have the right to request the Administrator to promptly correct personal data that are incorrect and/or complete incomplete personal data, carried out upon request submitted to the Administrator.
Right to erasure of personal data
Users have the right to request the Administrator to promptly erase their personal data, carried out upon request submitted to the Administrator. In the case of user accounts, data deletion involves anonymising data that allows for user identification. The Administrator reserves the right to suspend the erasure of data in order to protect the Administrator’s legitimate interests (e.g. if the User has violated the Terms and Conditions or if the data was obtained as a result of correspondence).
For the Newsletter service, Users have the option to delete their personal data themselves by using the link provided in each email message sent.
Right to restrict the processing of personal data
Users have the right to restrict the processing of personal data in cases specified in art. 18 GDPR, including questioning the accuracy of personal data, carried out upon request submitted to the Administrator
Right to data portability Users have the right to obtain from the Administrator personal data concerning the User in a structured, commonly used, machine-readable format, carried out upon request submitted to the Administrator.
Right to object to the processing of personal data Users have the right to object to the processing of their personal data in cases specified in art. 21 GDPR, carried out at the request submitted to the Administrator.
Right to lodge a complaint
Users have the right to lodge a complaint with the supervisory authority responsible for data protection.
Service Requirements
Limiting the storage and access to Cookie files on the User’s Device may cause some functions of the Service to not work properly. The Administrator is not responsible for any malfunctioning functions of the Service if the User restricts the ability to store and read Cookie files in any way.
Changes in Privacy Policy
The administrator reserves the right to make any changes to this Privacy Policy without the need to inform users regarding the application and use of anonymous data or the use of cookies. The administrator reserves the right to make any changes to this Privacy Policy regarding the processing of Personal Data, which will be communicated to users with user accounts or subscribed to the newsletter service via email within 7 days of the changes. Continued use of the services implies acknowledgment and acceptance of the changes made to the Privacy Policy. If a user does not agree with the changes, they are obligated to delete their account from the service or unsubscribe from the newsletter. The changes to the Privacy Policy will be published on this subsection of the service. Changes take effect immediately upon publication.