Privacy Policy
The following Privacy Policy defines the rules for storing and accessing data on Users’ Devices using the Service for electronic service provision by the Administrator and the rules for collecting and processing personal data of Users who provide them voluntarily through the tools available in the Service.

This Privacy Policy is an integral part of the Service Terms and Conditions, defining the rules, rights, and obligations of Users using the Service.

§1 Definitions
Service – the online service “volantor.pl” operating at https://volantor.pl

External Service – external websites of partners, service providers, or service recipients cooperating with the Administrator

Service/Data Administrator – the Service Administrator and Data Administrator (hereinafter referred to as Administrator) is “Probiolife sp. z o.o.”, operating at the address: Długołęka, ul. Słoneczna 32, 55-095 Mirków, Poland, with tax identification number (NIP): 8961515459, providing electronic services through the Service

User – a natural person for whom the Administrator provides electronic services through the Service.

Device – electronic device along with software through which the User gains access to the Service

Cookies – text data collected in the form of files placed on the User’s Device

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

Personal data – information about an identified or identifiable natural person (“data subject”); an identifiable person is a person who can be identified, directly or indirectly, based on an identifier such as name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person

Processing – means an operation or set of operations performed on personal data or sets of personal data, whether by automated means or otherwise, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction

Restriction of processing – marking stored personal data to limit its future processing

Profiling – any form of automated processing of personal data that involves using personal data to evaluate certain personal factors of a natural person, especially to analyze or predict aspects related to that person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements

Consent – the consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data concerning them

Personal data breach – a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed

Pseudonymization – the processing of personal data in such a way that it can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person

Anonymization – a permanent process that renders data “personal data” unidentifiable or unlinkable to a specific user or individual.

§2 Data Protection Officer
Under Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer.

For matters related to data processing, including personal data, contact the Administrator directly.

§3 Types of Cookies
Internal Cookies – files placed and read from the User’s Device by the Service’s IT system

External Cookies – files placed and read from the User’s Device by the IT systems of External Services. External Service scripts that may place Cookies on the User’s Devices are consciously embedded in the Service via scripts and services provided and installed on the Service

Session Cookies – files placed and read from the User’s Device by the Service during a single Device session. After the session, the files are deleted from the User’s Device.

Persistent Cookies – files placed and read from the User’s Device by the Service until they are manually deleted. The files are not automatically deleted at the end of the Device session unless the User’s Device is set to delete Cookies after the session.

§4 Data Storage Security
Mechanisms for storing and reading Cookie files – The mechanisms for storing, reading, and exchanging data between Cookies on the User’s Device and the Service are implemented via built-in web browser mechanisms and do not allow other data from the User’s Device or other websites visited by the User, including personal data or confidential information, to be retrieved. It is also practically impossible to transfer viruses, trojans, and other worms to the User’s Device.

Internal Cookies – The Cookies used by the Administrator are safe for User Devices and do not contain scripts, content, or information that could endanger personal data or the security of the Device.

External Cookies – The Administrator takes all possible steps to verify and select service partners with Users’ security in mind. However, the Administrator has no full control over the content of Cookies from external partners. Responsibility for the security of these Cookies, their content, and their compliance with applicable licenses lies with the creators of the External Services, to the extent allowed by law. The list of partners is in the rest of this Privacy Policy.

Control of Cookie files

Users may independently change the settings regarding the storage, deletion, and access to Cookies stored by any website.

The User may delete all stored Cookies using the tools of the Device through which they access the Service.

User Threats – The Administrator uses all possible technical measures to ensure the security of data stored in Cookies. However, it should be noted that the security of this data depends on both sides, including the User’s activities. The Administrator is not responsible for data interception, session impersonation, or data deletion due to the User’s activities, viruses, trojans, and other malware that may infect the User’s Device. Users should follow best practices for internet use to protect against these threats.

Personal data storage – The Administrator ensures all reasonable efforts to ensure that personal data voluntarily provided by Users is secure, with access restricted to authorized persons, in line with the data’s purpose and processing objectives. The Administrator also takes all efforts to secure data from loss through appropriate physical and organizational measures.

§5 Purposes for which Cookies are Used

  • Enhancing and simplifying access to the Service
  • Personalizing the Service for Users
  • Conducting statistics (user numbers, visit counts, device types, connections, etc.)
  • Serving multimedia services
  • Providing social media services

§6 Purposes of Processing Personal Data
Personal data voluntarily provided by Users are processed for one of the following purposes:

  • Provision of electronic services
  • Communication between the Administrator and Users concerning the Service and data protection
  • Securing the legally justified interest of the Administrator

Data about Users collected anonymously and automatically are processed for one of the following purposes:

  • Statistical purposes
  • Securing the legally justified interest of the Administrator

§7 Cookies of External Services
The Administrator uses JavaScript scripts and web components from partners who may place their own Cookies on the User’s Device. Remember, you can control which Cookies are permitted by adjusting the settings of your web browser for each website. Below is a list of partners or their services implemented in the Service that may place Cookies:

Multimedia services:

  • YouTube

Social / Integrated services:
(Registration, Login, content sharing, communication, etc.)

  • Facebook
  • Google+

Statistics:

  • Google Analytics

Services provided by third parties are beyond the control of the Administrator. These parties may modify their service terms, privacy policies, data processing purposes, and methods of using Cookies at any time.

§8 Types of Data Collected
The Service collects data about Users. Some data are collected automatically and anonymously, while some are personal data voluntarily provided by Users when signing up for individual services offered by the Service.

Anonymous data collected automatically include:

  • IP address
  • Browser type
  • Screen resolution
  • Approximate location
  • Pages opened in the Service
  • Time spent on each page
  • Operating system type
  • Referrer page address
  • Language of the browser
  • Internet connection speed
  • Internet service provider

Data collected during registration:

  • Email address
  • IP address (collected automatically)

Data collected when subscribing to the Newsletter:

  • Email address

Some data (without identifying data) may be stored in Cookies. Some data (without identifying data) may be transferred to service providers for statistical purposes.

§9 Access to Personal Data by Third Parties
In principle, the only recipient of personal data provided by Users is the Administrator. Data collected as part of the services provided are not transferred or resold to third parties.

Entities responsible for maintaining the infrastructure and services necessary for operating the Service may have access to the data (typically under a Data Processing Agreement), such as:

  • Hosting companies providing hosting or related services for the Administrator

Data Processing Outsourcing – Hosting, VPS, or Dedicated Servers Services
The Administrator uses an external hosting provider, VPS, or Dedicated Servers – cyberfolks, to operate the Service. All data collected and processed in the Service are stored and processed within the provider’s infrastructure located in Poland. Access to these data is possible due to maintenance work by the provider’s personnel. The access to data is regulated by an agreement between the Administrator and the Service Provider.

§10 Method of Processing Personal Data
Personal data voluntarily provided by Users:

  • Personal data will not be transferred outside the European Union unless published as a result of the User’s individual action (e.g., posting a comment or entry), making the data accessible to anyone visiting the Service.
  • Personal data will not be used for automated decision-making (profiling).
  • Personal data will not be resold to third parties.

Anonymous data (without personal data) collected automatically:

  • Anonymous data (without personal data) may be transferred outside the European Union.
  • Anonymous data (without personal data) will not be used for automated decision-making (profiling).
  • Anonymous data (without personal data) will not be resold to third parties.

§11 Legal Basis for Processing Personal Data
The Service collects and processes Users’ data based on:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

    • Article 6(1)(a) – the data subject has given consent to the processing of their personal data for one or more specific purposes
    • Article 6(1)(b) – processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before entering into a contract
    • Article 6(1)(f) – processing is necessary for the purposes of the legitimate interests pursued by the Administrator or a third party
  • The Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws 2018, item 1000)

  • The Act of 16 July 2004 Telecommunications Law (Journal of Laws 2004, no. 171, item 1800)

  • The Act of 4 February 1994 on Copyright and Related Rights (Journal of Laws 1994, no. 24, item 83)

§12 Period of Processing Personal Data
Personal data provided voluntarily by Users:

In principle, the specified personal data are stored only for the duration of the Service provision by the Administrator. They are deleted or anonymized within 30 days from the end of the Service (e.g., account deletion, unsubscription from the Newsletter).

An exception is a situation that requires the data to be retained to secure legally justified goals for further processing by the Administrator. In such a situation, the Administrator will store the data for no more than 3 years from the time of the request for deletion by the User, in cases of violations or suspected violations of the Service Terms by the User.

Anonymous data (without personal data) collected automatically:

Anonymous statistical data, which do not constitute personal data, are stored by the Administrator for statistical purposes for an indefinite period.

§13 Users’ Rights Related to Personal Data Processing
The Service collects and processes Users’ data based on:

  • Right to access personal data
    Users have the right to access their personal data, provided upon request to the Administrator.

  • Right to rectify personal data
    Users have the right to request the immediate correction of personal data that are incorrect or incomplete by submitting a request to the Administrator.

  • Right to delete personal data
    Users have the right to request the immediate deletion of personal data from the Administrator upon request. In the case of user accounts, the deletion of data involves the anonymization of data enabling User identification. The Administrator reserves the right to withhold the request for data deletion to protect the Administrator’s legitimate interests (e.g., when the User violated the Terms, or data was obtained through correspondence).

  • Right to restrict the processing of personal data
    Users have the right to restrict the processing of personal data in cases specified in Article 18 of the GDPR, such as disputing the accuracy of personal data, upon request to the Administrator.

  • Right to data portability
    Users have the right to receive their personal data from the Administrator in a structured, commonly used, and machine-readable format, upon request.

  • Right to object to the processing of personal data
    Users have the right to object to the processing of their personal data in cases specified in Article 21 of the GDPR, upon request to the Administrator.

  • Right to file a complaint
    Users have the right to file a complaint with the data protection authority.

§14 Contacting the Administrator
The Administrator can be contacted in one of the following ways:

  • Postal address: Probiolife sp. z o.o., Długołęka, ul. Słoneczna 32, 55-095 Mirków, Poland
  • Email address: biuro@datii.pl
  • Telephone: +48 510083086
  • Contact form: available at /contact

§15 Service Requirements
Restricting the recording and access to Cookies on the User’s Device may cause some functions of the Service to operate incorrectly.

The Administrator assumes no responsibility for Service functions that operate incorrectly if the User restricts the ability to save and read Cookies in any way.

§16 External Links
In the Service, articles, posts, entries, or comments by Users may contain links to external websites with which the Service Owner does not cooperate. These links and the sites or files they lead to may be unsafe for the User’s Device or pose a security risk to User data. The Administrator is not responsible for content found outside the Service.

§17 Changes to the Privacy Policy
The Administrator reserves the right to make any changes to this Privacy Policy without informing Users in terms of the use and application of anonymous data or the use of Cookies.

The Administrator reserves the right to make any changes to this Privacy Policy regarding the processing of Personal Data, of which Users with user accounts or subscribed to the Newsletter will be informed by email within 7 days of any changes. Continued use of the Service indicates acknowledgment and acceptance of the changes made to the Privacy Policy. If the User does not agree with the changes, they must delete their account from the Service or unsubscribe from the Newsletter.

Changes to the Privacy Policy will be published on this subpage of the Service.

The introduced changes take effect upon their publication.