Privacy Policy

This Privacy Policy sets the rules for storing and accessing data on Users’ Devices who use the Service for the purpose of providing electronic services by the Administrator, as well as the rules for collecting and processing personal data of Users, which have been provided by them personally and voluntarily through tools available in the Service.

§1 Definitions

• Service – the “CREVERO” online service operating at https://crevero.net.
• External Service – online services of partners, service providers, or contractors cooperating with the Administrator.
• Service/Data Administrator – the Service Administrator and the Data Administrator (hereinafter referred to as the Administrator) is the company “Codessive Daniel Andraszewski”, operating at: ul. Korzona 113/71, Warsaw, 03-571 Poland, with the tax identification number (VAT ID): PL5242679498, providing electronic services via the Service.
• User – an individual for whom the Administrator provides services electronically via the Service.
• Device – an electronic device with software through which the User gains access to the Service.
• Cookies – text data collected in the form of files placed on the User’s Device.
• GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation).
• Personal Data – means information about an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more specific factors related to physical, physiological, genetic, mental, economic, cultural, or social identity.
• Processing – means an operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collecting, recording, organising, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasing or destroying.
• Restriction of processing – means the marking of stored personal data to limit their future processing.
• Profiling – means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual, particularly to analyse or predict aspects concerning the performance, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements of that individual.
• Consent – consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
• Personal data breach – means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
• Pseudonymisation – means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
• Anonymisation – anonymisation of data is an irreversible process of operations on data that destroys or overwrites “personal data” making it impossible to identify or link a record with a specific user or natural person.

§2 Data Protection Officer

Pursuant to Art. 37 of the GDPR, the Administrator has not appointed a Data Protection Officer. For matters concerning the processing of data, including personal data, please contact the Administrator directly

§3 Types of Cookies

• Internal Cookies – files placed and read from the User’s Device by the Service’s telecommunication system.
• External Cookies – files placed and read from the User’s Device by telecommunication systems of External Services. The scripts of External Services that may place Cookies on the User’s Device have been intentionally embedded in the Service through scripts and services made available and installed in the Service.
• Session Cookies – files placed and read from the User’s Device by the Service during a single session of the Device. After the session ends, the files are deleted from the User’s Device.
• Persistent Cookies – files placed and read from the User’s Device by the Service until they are manually deleted. These files are not deleted automatically after the Device’s session ends unless the User’s Device configuration is set to remove Cookies after the session ends.

§4 Data Storage Security

• Mechanisms for storing and reading Cookie files – The mechanisms for storing, reading, and exchanging data between Cookie files saved on the User’s Device and the Service are implemented through built-in mechanisms of web browsers and do not allow the retrieval of other data from the User’s Device or data from other websites that the User has visited, including personal data or confidential information. Transferring viruses, trojans, or other worms to the User’s Device is also practically impossible.
• Internal Cookies – Cookies used by the Administrator are safe for Users’ Devices and do not contain scripts, content, or information that could endanger the security of personal data or the security of the Device used by the User.
• External Cookies – The Administrator takes all possible measures to verify and select service partners in the context of Users’ security. The Administrator cooperates with reputable, well-known partners of global trust. However, the Administrator does not have full control over the content of Cookies from external partners. Therefore, as much as the law allows, the Administrator is not responsible for the security, content, or lawful use of Cookies from External Services installed through scripts embedded in the Service. The list of partners is included in the further part of this Privacy Policy.
• Control of Cookie Files
  • Users can, at any time, independently change their settings for saving, deleting, and accessing the data saved in Cookie files by each website.
  • Instructions on how to disable Cookies in the most popular desktop browsers are available on the following sites:
    • Managing Cookies in Google Chrome browser
    • Managing Cookies in Opera browser
    • Managing Cookies in Mozilla Firefox browser
    • Managing Cookies in Microsoft Edge browser
    • Managing Cookies in Safari browser
  • Users can delete all Cookie files saved so far using tools available on the User’s Device through which they use the Service.
• User Side Risks – The Administrator uses all possible technical measures to ensure the security of data placed in Cookie files. However, it should be noted that the security of these data depends on both sides, including the User’s activities. The Administrator is not responsible for interception, session impersonation, or deletion of these data as a result of intentional or unintentional User activity, viruses, trojans, or other spyware that may or has infected the User’s Device. To secure against these threats, Users should follow the guidelines for safe Internet usage.
• Personal Data Storage – The Administrator ensures that every effort is made to keep personal data voluntarily entered by Users secure, restrict access, and process it in line with its intended purpose. The Administrator also ensures every effort to secure stored data from loss through the application of appropriate physical and organisational safeguards.

§5 Purposes for Which Cookies Are Used

• Enhancing and facilitating access to the Service
• Personalising the Service for Users
• Marketing and remarketing on external platforms
• Advertising services
• Affiliate services
• Conducting statistics (user counts, number of visits, types of devices, connections, etc.)
• Providing multimedia services
• Offering social networking services

§6 Purposes of Personal Data Processing

Personal data voluntarily provided by Users is processed for one of the following purposes:

• Provision of electronic services:
  • Handling enquiries via the contact form
  • Services for sharing information about content placed on the Service across social media or other websites
• Communication between the Administrator and Users regarding matters related to the Service and data protection
• Ensuring the legitimate interests of the Administrator
• Data about Users collected anonymously and automatically is processed for one of the following purposes:
  • Conducting statistics
  • Remarketing
  • Serving advertisements tailored to Users’ preferences
  • Managing affiliate programmes
  • Ensuring the legitimate interests of the Administrator

§7 Cookies from External Services

The Administrator uses JavaScript scripts and web components from partners on the Service, who may place their own cookies on the User’s Device. Remember that you can control which cookies are allowed on specific websites through your browser settings. Below is a list of partners or their services implemented on the Service that may place cookies:

• Multimedia services:
  • YouTube
• Social / integrated services:
  (Registration, login, content sharing, communication, etc.)
  • Google
  • Twitter
  • Facebook
• Newsletter services:
  • MailerLite
• Advertising services and affiliate networks:
  • Google Ads
  • Facebook Ads
• Analytics:
  • Google Analytics
  • Meta Pixel

Services provided by third parties are beyond the control of the Administrator. These entities may change their terms of service, privacy policies, purposes of data processing, and methods of using cookies at any time.

§8 Types of Data Collected

The Service collects data about Users. Some data is collected automatically and anonymously, while other data consists of personal information voluntarily provided by Users when subscribing to specific services offered by the Service.

Anonymous data collected automatically:

• IP address
• Browser type
• Screen resolution
• Approximate location
• Pages viewed on the service
• Time spent on specific pages of the service
• Type of operating system
• Previous page address
• Referring site address
• Browser language
• Internet connection speed
• Internet service provider
• Demographic data (age, gender)

Data collected when subscribing to the Newsletter service:

• Name / pseudonym
• Email address
• IP address (collected automatically)

Some data (without identifying information) may be stored in cookies. Some data (without identifying information) may be transferred to statistical service providers.

§9 Access to Personal Data by Third Parties

As a rule, the sole recipient of personal data provided by Users is the Administrator. Data collected through the services provided is not shared or sold to third parties.

Access to the data (typically based on a Data Processing Agreement) may be granted to entities responsible for maintaining the infrastructure and services necessary for running the website, such as:

• Hosting companies providing hosting or related services for the Administrator
• Companies through which the Newsletter service is provided

Data Processing Delegation – Hosting, VPS, or Dedicated Server Services
The Administrator uses the services of an external VPS (Virtual Private Server) provider – Hetzner, to run the website. All data collected and processed on the website is stored and processed within the provider’s infrastructure located within the European Union. Access to the data may occur as a result of maintenance work carried out by the provider’s personnel. Access to this data is regulated by an agreement between the Administrator and the Service Provider.

Data Processing Delegation – Email Service
The Administrator, to handle inquiries via the contact form, uses the technical infrastructure of a third party – Oracle Cloud Infrastructure. All data collected and processed on the website is stored and processed within the provider’s infrastructure located within the European Union. Personal data entered in the contact form is processed as part of the provider’s dedicated email service. Please note that the indicated partner may modify the privacy policy without the Administrator’s consent.

§10 Method of Processing Personal Data

Personal data voluntarily provided by Users:

• Personal data will not be transferred outside the European Union unless it has been published as a result of individual actions by the User (e.g., posting a comment or entry), making the data accessible to anyone visiting the website.
• Personal data will not be used for automated decision-making (profiling).
• Personal data will not be sold to third parties.
• Anonymous data (without personal data) collected automatically:
  • Anonymous data (without personal data) may be transferred outside the European Union.
  • Anonymous data (without personal data) will not be used for automated decision-making (profiling).
  • Anonymous data (without personal data) will not be sold to third parties.

§11 Legal Basis for Processing Personal Data

The Service collects and processes User data based on:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation):
  • Article 6(1)(a): the data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Article 6(1)(b): processing is necessary for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract.
  • Article 6(1)(f): processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
• Act of 10 May 2018 on the Protection of Personal Data (Polish Journal of Laws 2018, item 1000).
• Act of 16 July 2004 – Telecommunications Law (Polish Journal of Laws 2004, No. 171, item 1800).
• Act of 4 February 1994 on Copyright and Related Rights (Polish Journal of Laws 1994, No. 24, item 83).

§12 Duration of Processing Personal Data

Personal Data Provided Voluntarily by Users
As a general rule, the specified personal data is retained solely for the duration of the Service provided by the Administrator within the Service. This data is deleted or anonymised within a period of up to 30 days from the conclusion of the service provision (e.g., deletion of a registered user account, unsubscribing from the Newsletter, etc.).

An exception applies in situations that require securing the legitimate interests of further processing of this data by the Administrator. In such cases, the Administrator will retain the specified data, from the time the User requests its deletion, for no longer than a period of 3 years in the event of a breach or suspicion of breach of the Service’s terms and conditions by the User.

Automatically Collected Anonymous Data (Without Personal Data):

• Anonymous statistical data, which does not constitute personal data, is retained by the Administrator for the purpose of conducting Service statistics for an indefinite period.

§13 Users’ Rights Related to the Processing of Personal Data

The Service collects and processes User data based on the following rights:

• Right of Access to Personal Data
  Users have the right to obtain access to their personal data, which can be exercised upon request submitted to the Administrator.
• Right to Rectification of Personal Data
  Users have the right to request the Administrator to promptly rectify any inaccurate personal data and/or to complete any incomplete personal data, which can be exercised upon request submitted to the Administrator.
• Right to Deletion of Personal Data
  Users have the right to request the Administrator to promptly delete their personal data, which can be exercised upon request submitted to the Administrator. In the case of user accounts, deletion of data involves anonymising data that can identify the User. The Administrator reserves the right to suspend the fulfilment of the request for data deletion to protect the legitimate interests of the Administrator (e.g., in cases where the User has violated the Terms and Conditions or the data was obtained through correspondence). For the Newsletter service, Users have the option to independently delete their personal data using the link provided in each email sent.
• Right to Restrict the Processing of Personal Data
  Users have the right to restrict the processing of their personal data in cases specified in Article 18 of the GDPR, including disputing the accuracy of personal data, which can be exercised upon request submitted to the Administrator.
• Right to Data Portability
  Users have the right to obtain from the Administrator their personal data in a structured, commonly used, and machine-readable format, which can be exercised upon request submitted to the Administrator.
• Right to Object to the Processing of Personal Data
  Users have the right to object to the processing of their personal data in cases specified in Article 21 of the GDPR, which can be exercised upon request submitted to the Administrator.
• Right to Lodge a Complaint
  Users have the right to lodge a complaint with a supervisory authority responsible for the protection of personal data.

§14 Contacting the Administrator

You can contact the Administrator in one of the following ways:

• Postal Address: Codessive Daniel Andraszewski, ul. Korzona 113/71, Warsaw 03-571, Poland.
• Email Address: [email protected]
• Telephone +48 789 220 880

§15 Service Requirements

• Limiting the storage and access to cookies on the User’s Device may cause some functions of the Service to malfunction.
• The Administrator shall not be held responsible for any malfunctioning features of the Service if the User restricts in any way the ability to store and read cookies.

§16 External Links

The Service – whether in articles, posts, entries, or User comments—may contain links to external websites that the Owner of the service does not collaborate with. These links, along with the pages or files they point to, may pose a risk to your Device or compromise the security of your data. The Administrator shall not be held responsible for the content found outside the Service.

§17 Changes to the Privacy Policy

• The Administrator reserves the right to change this Privacy Policy at any time without the obligation to inform Users regarding the use and processing of anonymous data or the use of Cookies.
• The Administrator also reserves the right to change this Privacy Policy in relation to the processing of Personal Data, of which Users with accounts or subscribers to the newsletter will be informed via email within 7 days of the changes. Continued use of the services signifies acceptance of the changes to the Privacy Policy. If a User does not agree with the changes made, they are required to delete their account from the Service or unsubscribe from the Newsletter.
• Any changes to the Privacy Policy will be published on this subpage of the Service.
• The changes will come into effect upon publication.