Privacy policy

TWO-COLOURS PRIVACY POLICY AND COOKIES POLICY

 

By using the website https://two-colours.com/en/ you accept the following terms of the Privacy Policy and Cookie Policy.

As a User, please read its provisions. The following table of contents will help you to do so. In it, we inform you how we care for Users’ data, how we process them, to whom we entrust them and about many other important issues related to personal data.

§1 GENERAL PROVISIONS

 

This Privacy Policy and Cookies Policy sets out the rules for the processing and protection of personal data provided by Users and the policy of cookies, as well as other technologies appearing on the website https://two-colours.com/en/

 

The administrator of the website and personal data provided by the website is TWO COLOURS AGENCY limited liability company with headquarters in Kraków (31-234), Kuźnicy Kołłątajowskiej 23g/48, entered in the Register of Entrepreneurs of the National Court Register under KRS number 0000763942, NIP: 5482712930, REGON: 382113461, share capital of PLN 10,000.00, according to the information corresponding to the current extract from the Register of Entrepreneurs contained in the Central Information of the National Court Register, represented by Dawid Kotrys – CEO.

 

We care about the security of personal data and the privacy of Website Users. We are glad you visited our website.

In case of any doubts regarding the provisions of this Privacy Policy and Cookies Policy, please contact the Administrator via the e-mail address kontakt@dwa-kolory.pl.

The Administrator reserves the right to make changes to the privacy policy, and each User of the website is obliged to know the current privacy policy. The reason for the changes may be the development of internet technology, changes in generally applicable law or the development of the Website, e.g. by using new tools by the Administrator. At the bottom of the page you can find the date of publication of the current Privacy Policy.

§2 DEFINITIONS

Administrator – TWO COLOURS AGENCY limited liability company with headquarters in Kraków (31-234), Kuźnicy Kołłątajowskiej 23g/48, entered into the Register of Entrepreneurs of the National Court Register under KRS number: 0000763942, NIP: 5482712930, REGON: 382113461, share capital in the amount of PLN 10,000.00, in accordance with the information corresponding to the current excerpt from the Register of Entrepreneurs contained in the Central Information of the National Court Register , represented by Dawid Kotrys – CEO.

User – any entity visiting the website and using it.

Website – the website located at https://two-colours.com/en/

Newsletter – means a free service provided electronically by the Administrator to the User by sending electronic letters (e-mails), through which the Administrator informs about events, services, products and other elements that are important to the Administrator and/or in order to realize the Administrator’s legitimate goal, which is direct marketing. Detailed information on the sending of the Newsletter can be found further in this privacy policy.

Form or Forms – places on the Website that allow the User to enter personal data for the purposes indicated therein, e.g. to send a newsletter, to place an order, to contact the User.

GDPR – means General Data Protection Regulation and of the Council EU 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Data Protection Act – the Act of 10 May 2018 on the protection of personal data (Journal of Laws 2018, item 1000, as amended).

Act on Providing Services by Electronic Means – Act of 18 July 2002 on Providing Services by Electronic Means (Journal of Laws No. 144, item 1204, as amended).

Telecommunications Act – the Act of July 16, 2004 Telecommunications Act (Journal of Laws of 2004, No. 171, item 1800, as amended).

§3 PERSONAL DATA AND RULES OF PROCESSING THEM

WHO IS THE ADMINISTRATOR OF THE USER’S PERSONAL DATA?

The administrator of User’s personal data is TWO COLOURS AGENCY limited liability company with headquarters in Kraków (31-234), Kuźnicy Kołłątajowskiej 23g/48, entered in the Register of Entrepreneurs of the National Court Register under KRS number 0000763942, NIP: 5482712930, REGON: 382113461, share capital of PLN 10,000.00, according to the information corresponding to the current copy of the Register of Entrepreneurs contained in the Central Information of the National Court Register, represented by Dawid Kotrys – CEO.

 

IS THE PROVISION OF DATA VOLUNTARY? WHAT ARE THE CONSEQUENCES OF NOT PROVIDING THE DATA?

Providing data is voluntary, however, failure to provide certain information, generally marked on the Administrator’s websites as mandatory, will result in the inability to perform a given service and achieve a specific goal or take specific actions.

Providing by the User data that are not mandatory or an excess of data that the Administrator does not need to process takes place on the basis of the decision of the User himself/herself and then the processing takes place on the basis of the premise contained in art. 6 sec. 1 letter A, GDPR (consent). The User gives consent to the processing of this data and to anonymise data that the Administrator does not require and does not want to process, and yet the User has provided them to the Administrator.

 

FOR WHAT PURPOSES AND ON WHICH LEGAL BASIS DO WE PROCESS YOUR PERSONAL DATA PROVIDED AS PART OF THE USE OF THE WEBSITE?

The User’s personal data on the Administrator’s Website may be processed for the following purposes and on the following legal bases:

  1. To provide a service or perform a concluded contract, to send an offer  (e.g. advertising) at the User’s request – pursuant to art. 6 sec. 1 letter B, GDPR (necessity to conclude and / or perform a contract or take action on request);
  2. issuing an invoice, bill and meeting other obligations resulting from the provisions of tax law – pursuant to art. 6 sec. 1 letter B GDPR (obligation resulting from legal provisions);
  3. in order to send the newsletter – pursuant to art. 6 sec. 1 letter F, GDPR (legitimate interest of the administrator consisting in the processing of data for direct marketing purposes) and on the basis of the Act on the provision of electronic services (consent);
  4. informing about promotions and interesting offers of the Administrator or entities recommended by him – pursuant to art. 6 sec. 1 letter A, GDPR (consent);
  5. establishing, investigating or defending against claims – pursuant to art. 6 sec. 1 letter F, GDPR (legitimate interest of the administrator);
  6. phone contact in matters related to the implementation of the service – pursuant to art. 6 sec. 1 letter B, GDPR (necessity to conclude and / or perform the contract);
  7. telephone contact in order to present an offer and direct marketing – pursuant to art. 6 sec. 1 letter A, GDPR (consent) and pursuant to art. 6 sec. 1 letter F, GDPR (legitimate interest of the administrator), if you are already our customer;
  8. creating registers related to the GDPR and other regulations – pursuant to art. 6 sec. 1 letter C, GDPR (obligation resulting from legal provisions) and art. 6 sec. 1 letter F, GDPR (legitimate interest of the administrator);
  9. analytical, consisting, inter alia, in the analysis of data collected automatically when using the website, including cookies, e.g. Google Analytics cookies, Facebook Pixel – pursuant to art. 6 sec. 1 letter F, GDPR (legitimate interest of the administrator);
  10. the use of cookies on the Website and its subpages – pursuant to art. 6 sec. 1 letter A, GDPR (consent);
  11. satisfaction surveys with the services offered – pursuant to art. 6 sec. 1 letter F, GDPR (legitimate interest of the administrator);
  12. the User posting an opinion on the services provided by the Administrator – pursuant to art. 6 sec. 1 letter A, GDPR (consent);
  13. managing the Website and the Administrator’s pages on other platforms – pursuant to art. 6 sec. 1 letter F, GDPR (legitimate interest of the administrator);
  14. in order to adjust the content displayed on the Administrator’s websites to individual needs and to constantly improve the quality of services offered – pursuant to art. 6 sec. 1 letter F, GDPR (legitimate interest of the administrator);
  15. for the purpose of direct marketing directed to the User of own products or services or recommended products of third parties – pursuant to art. 6 sec. 1 letter F, GDPR (legitimate interest of the administrator);
  16. in order to create Users’ own databases – pursuant to art. 6 sec. 1 letter F, GDPR (legitimate interest of the administrator);
  17. in order to operate the fanpage under the name: Two Colours Agency on Facebook and to interact with users – pursuant to art. 6 sec. 1 letter F, GDPR (legitimate interest of the administrator);
  18. in order to operate an account on LinkedIn under the name of Two Colours Agency and to interact with users – pursuant to art. 6 sec. 1 letter F, GDPR (legitimate interest of the administrator);
  19. in order to process, record and disseminate the customer’s image and/or – pursuant to art. 6 sec. 1 letter A, GDPR (consent);
  20. in order to target advertising in social media and on websites, such as Facebook LeadsAds or Facebook Custom Audience, and to target remarketing – pursuant to art. 6 sec. 1 letter A, GDPR (consent) and pursuant to art. 6 sec. 1 letter F, GDPR (legitimate interest of the administrator) consisting in the promotion and advertising of the Administrator’s services through remarketing addressed to people subscribed to mailing or visitors to a given website).

Providing by the User data that are not mandatory or an excess of data that the Administrator does not need to process takes place on the basis of the decision of the User himself and then the processing takes place on the basis of the premise contained in art. 6 sec. 1 letter A, GDPR (consent). The User gives consent to the processing of this data and to anonymise data that the Administrator does not require and does not want to process, and yet the User has provided them to the Administrator.

 

HOW IS DATA COLLECTED?

Only the data that the User provides themselves is collected and processed (except – in certain situations – data collected automatically using cookies and login data, as mentioned below).

When visiting the website, data about the visit itself is automatically collected, e.g. user’s IP address, domain name, browser type, operating system type, etc. (login data). Data collected automatically can be used to analyze user behavior on the website, collect demographic data about users or to personalize the content of the website in order to improve it. However, these data are processed only for the purposes of website administration, ensuring efficient hosting service or directing marketing content and are not associated with the data of individual users. You can read more about cookies later in this policy.

Data may also be collected for the purposes of filling in forms on the Website, as discussed further in the privacy policy.

 

WHAT ARE THE USER’S RIGHTS?

The user is entitled at any time to the rights contained in art. 15-21 of the GDPR, i.e .:

  • the right to access his/her data,
  • the right to transfer data,
  • the right to correct data,
  • the right to rectify data,
  • the right to delete data if there are no grounds for their processing,
  • the right to limit the processing, if it was performed incorrectly or without a legal basis,
  • the right to object to the processing of data on the basis of the legitimate interest of the administrator,
  • the right to lodge a complaint with the supervisory body – the President of the Personal Data Protection Office (on the terms set out in the Personal Data Protection Act), if he considers that the processing of his data is inconsistent with the currently applicable data protection law.
  • the right to be forgotten if further processing is not provided for by the currently applicable law.

The Administrator points out that these rights are not absolute and do not apply to all processing activities of the User’s personal data. This applies, for example, to the right to obtain a copy of the data. This permission may not adversely affect the rights and freedoms of others, such as copyrights. In order to learn about the limitations of the User’s rights, I refer to the content of the GDPR.

However, the user always has the right to lodge a complaint with the supervisory authority.

In order to exercise his/her rights, the User may contact the Administrator by e-mail: kontakt@dwa-kolory.pl or by letter to the Administrator’s place of business address, if provided in this Privacy Policy, indicating the scope of his/her requests. A response will be provided no later than 30 days from the date of receipt of the request and its justification, unless an extension of this period is justified in accordance with the GDPR.

 

CAN THE USER WITHDRAW THE EXPRESSED CONSENT?

If the User has consented to a specific action, such consent may be withdrawn at any time, which will result in the removal of the e-mail address from the Administrator’s mailing list and cessation of the indicated activities (in the case of subscription based on consent). Withdrawal of consent does not affect the processing of data which was made on the basis of consent before its withdrawal.

In some cases, the data may not be completely deleted and will be retained in order to defend against possible claims for the time specified in the provisions of the Civil Code or, for example, to fulfill legal obligations imposed on the Administrator.

Each time, the Administrator will refer to the User’s request, adequately justifying further actions resulting from legal obligations.

DO WE TRANSFER YOUR DATA TO THIRD COUNTRIES?

The User’s data may be transferred outside the European Union – to third countries.

Due to the fact that the Administrator uses external providers of various services, e.g. Facebook and subsidiaries, Google, etc., the User’s data may be transferred to the United States of America (USA) in connection with their storage on American servers (in whole or in part) . Google and Facebook use the compliance mechanisms provided for by the GDPR (e.g. certificates) or standard contractual clauses for their services. They will be provided only to recipients who guarantee the highest protection and data security, including through:

  1. cooperation with entities processing personal data in countries for which a relevant decision of the European Commission has been issued,
  2. use of standard contractual clauses issued by the European Commission,
  3. application of binding corporate rules approved by the competent supervisory authority,

or to the transfer of personal data which the User has consented to.

Detailed information is available in the content of the privacy policy of each of the providers of these services, available on their websites. For example:

Google LLC: https://policies.google.com/privacy?hl=en

Facebook Ireland Ltd.: https://www.facebook.com/privacy/explanation

Currently, the services offered by Google and Facebook are provided mainly by entities located in the European Union. You should, however, always read the privacy policy of these providers in order to receive up-to-date information on the protection of personal data.

 

HOW LONG DO WE KEEP YOUR DATA?

The User’s data will be stored by the Administrator for the duration of individual services / goals achievement and:

  1. for the period of service and cooperation, as well as for the period of limitation of claims in accordance with the law – in relation to data provided by contractors and customers or Users,
  2. for the period of conversations and negotiations preceding the conclusion of the contract or the performance of the service – in relation to the data provided in the inquiry,
  3. for the period required by law, including tax law – in relation to personal data related to the fulfillment of obligations under applicable provisions,
  4. until the objection submitted pursuant to Art. 21 GDPR – in relation to personal data processed on the basis of the legitimate interest of the administrator, including for the purposes of direct marketing,
  5. until the consent is withdrawn or the purpose of processing or business purpose is achieved – in relation to personal data processed on the basis of consent. After the consent has been withdrawn, the data may still be processed in order to defend against possible claims in accordance with the limitation period for these claims or the (shorter) period indicated to the User,
  6. until they become obsolete or lose their usefulness – in relation to personal data processed mainly for analytical and statistical purposes, the use of cookies and the administration of the Administrator’s Pages.

Data storage periods indicated in years are counted at the end of each year in which data processing has started. This is to improve the data processing and management process.

Detailed periods of personal data processing, concerning individual processing activities, can be found in the register of processing activities and the register of categories of processing activities of the Administrator.

 

LINKS TO OTHER PAGES

Links to other websites may appear on our website. They will open in a new browser window or the same window. The administrator is not responsible for the content provided by these websites. The user is obliged to read the privacy policy or the regulations of these websites.

 

ACTIVITIES ON SOCIAL MEDIA – FACEBOOK

The administrator of the User’s personal data on the fanpage under the name “Two Colours Agency” on Facebook (hereinafter referred to as Fanpage) is the Administrator.

The User’s personal data provided on Fanpage will be processed for the purpose of administering and managing the Fanpage, communicating with the User, interacting, directing marketing content to the User and creating a Fanpage community.

The data processed as part of the Administrator’s business account may be processed on the basis of relevant personal data processing agreements.

The basis for their processing is the consent of the User and the legitimate interest of the administrator consisting in interacting with Users and Fanpage Followers. The user voluntarily decides to like/follow Fanpage.

The rules of Fanpage are set by the Administrator, however the rules of staying on Facebook result from Facebook regulations.

The User may stop following Fanpage at any time. However, the Administrator will not display any content from the Administrator related to Fanpage to the User.

The Administrator sees the User’s personal data, such as name, surname or general information that the User places on his profiles as public. The processing of other personal data is carried out by the social network Facebook and on the terms contained in its regulations.

The User’s personal data will be processed for the duration of the Fanpage’s operation/existence on the basis of consent expressed by liking/clicking “Follow” Fanpage or interacting, e.g. leaving a comment, sending a message and to implement the Administrator’s legitimate interests, i.e. marketing of own products or services or defense against claims.

The User’s personal data may be shared with other recipients of data, such as Facebook, cooperating advertising agencies or other subcontractors supporting the Administrator’s Fanpage, IT service, virtual assistant, if contact occurs outside the Facebook portal.

Other rights of the User are described in this privacy policy.

User’s data may be transferred to third countries in accordance with Facebook’s regulations.

These data can also be profiled, which helps to better personalize the advertising offer addressed to the User. However, they will not be processed in an automated manner within the meaning of the GDPR (having a negative impact on the rights and freedoms of the User).

The administrator recommends reading both the Facebook regulations: https://www.facebook.com/legal/terms.

 

ACTIVITIES ON SOCIAL MEDIA – LINKEDIN

The administrator of the User’s personal data on the LinkedIn portal under the “Two Colours Agency” account (hereinafter referred to as the LinkedIn account) is the Administrator.

The User’s personal data provided on the LinkedIn account will be processed for the purposes of administering and managing the account, communicating with the User, interacting, directing marketing content to the User and creating a community.

The basis for their processing is the User’s consent and the Administrator’s legitimate interest in interacting with the Users and Followers of the LinkedIn account. The user voluntarily decides to like the content/follow the LinkedIn account.

The rules of your LinkedIn account are set by the Administrator; however, the rules of being on the LinkedIn social network are based on LinkedIn’s rules.

At any time, the User may unfollow the LinkedIn account belonging to the Administrator. However, the Administrator will not display any content from the Administrator to the User related to the LinkedIn account “Two Colours Agency

The Administrator sees the User’s personal data, such as name, surname or general information that the User places on his profiles as public. The processing of other personal data is carried out by the LinkedIn social network and on the terms contained in its regulations.

The User’s personal data will be processed for the duration of the LinkedIn account on the basis of the consent expressed by liking the content/clicking “Follow” or interacting, e.g. leaving a comment, sending a message and in order to implement the Administrator’s legitimate interests, i.e. marketing of own products or services or defense against claims.

The User’s personal data may be shared with other data recipients, such as the LinkedIn portal, cooperating advertising agencies or other subcontractors operating the Administrator’s LinkedIn account, IT service, virtual assistants, if contact takes place outside the LinkedIn portal.

Other rights of the User are described in this privacy policy.

The administrator recommends reading the LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com%7Cli-other.

 

DATA SAFETY

The User’s personal data are stored and protected with due care, in accordance with the Administrator’s internal procedures implemented. The Administrator processes information about the User using appropriate technical and organizational measures that meet the requirements of generally applicable law, in particular the provisions on the protection of personal data. These measures are primarily aimed at securing Users’ personal data against access by unauthorized persons.

In particular, only authorized persons who are obliged to keep this data secret or entities entrusted with the processing of personal data on the basis of a separate data entrustment agreement have access to the Users’ personal data.

At the same time, the user should exercise due diligence in securing his personal data provided on the Internet, in particular not to disclose his login details to third parties, use anti-virus protection and update the software.

 

WHO CAN THE RECIPIENTS OF PERSONAL DATA BE?

The administrator informs that he uses the services of external entities. Entities entrusted with the processing of personal data (such as, for example, courier companies, electronic payment intermediaries, companies offering accounting services, companies enabling the sending of newsletters) guarantee the application of appropriate measures of protection and security of personal data required by law, in particular by the GDPR.

The Administrator informs the User that he entrusts the processing of personal data, among others the following entities:

  1. ActiveCampaign, LLC (“ActiveCampaign”) 1 North Dearborn St 5th Floor Chicago, IL 60602 – for sending the newsletter and using the mailing system
  2. “FINANSE 4D” Sp. z o.o., ul. Łaciarska 7, 50-104 Wrocław, KRS: 0000389149, NIP: 8992721208 – in order to issue accounting documents,
  3. Fakturownia Sp. z o.o., ul. Juliana Smulikowskiego 6/8, 00-389 Warszawa, KRS: 0000572426, NIP 5213704420–to operate the invoicing system,
  4. Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google LLC) – to use Google services, including Gsuite,
  5. H88 joint-stock company, ul. Franklin Roosevelt 22, 60-829 Poznań, KRS: 0000612359, NIP: 7822622168 – entity providing services for the operation of the domain and mail server
  6. other contractors or subcontractors involved in technical and administrative services, or to provide legal assistance to the Administrator and his clients, e.g. courier companies, IT, graphic, copywriting, debt collection companies, lawyers, etc.
  7. offices, e.g. the tax office – in order to fulfill legal and tax obligations related to settlements and accounting.

 

HAVE WE APPOINTED A DATA PROTECTION OFFICER?

The Personal Data Administrator hereby informs that he has not appointed the Personal Data Protection Inspector (UODO) and performs his own duties related to the processing of personal data.

The user acknowledges that his/her personal data may be transferred to authorized state authorities in connection with their proceedings, at their request and after meeting the conditions confirming the necessity to obtain such data from the Administrator.

 

DO WE PROFILE USER DATA?

The User’s personal data will not be used for automated decision-making affecting the rights, obligations or freedoms of the User within the meaning of the GDPR.

As part of the website and tracking technologies, the User’s data may be profiled, which helps to better personalize the company’s offer that the Administrator directs to the User (mainly through the so-called behavioral advertising). However, this should not have any impact on the legal situation of the User, in particular on the terms of the contracts concluded by him/her or agreements, which he/she intends to conclude. It can only help to better match the content and targeted ads to the User’s interests. The information used is anonymous and is not associated with personal data provided by the User, e.g. during the purchase process. They result from statistical data, e.g. gender, age, interests, approximate location, behavior on the Website.

Each User has the right to object to profiling if it would have a negative impact on the rights and obligations of the User.

More about behavioral advertising: https://instapage.com/blog/behavioral-advertising

§4 FORMS

The Administrator uses the following types of forms within the Website:

  1. Newsletter subscription form – requires entering your name and e-mail address in the appropriate place. These fields are mandatory. Then the User, in order to add his/her e-mail address to the Administrator’s subscriber base, must confirm his/her willingness to subscribe. The data obtained in this way is added to the mailing list for the purpose of sending the newsletter.

Subscription /saving means that the User agrees with this Privacy Policy and agrees to send him marketing and commercial information by means of electronic communication, e.g. e-mail, within the meaning of the Act of 18 July 2002 on the Providing Services by Electronic Means (Journal of Laws No. 144, item 1204, as amended).

By subscribing to the newsletter, the User also agrees to the Administrator using the User’s telecommunications end devices (e.g. phone, tablet, computer) for direct marketing of the Administrator’s products and services and to provide the User with commercial information in accordance with art. 172 (1) of the Telecommunications Law (Journal of Laws of 2014, item 243, as amended)

The above consents are voluntary, but necessary to send the newsletter, including to inform about services, new blog entries, products, promotions and discounts offered by the Administrator or third party products recommended by him. Consents may be withdrawn at any time, which will result in stopping sending the newsletter in accordance with the rules contained in this privacy policy.

The newsletter is sent for an indefinite period, from the moment of activation until the consent is withdrawn. After the consent is withdrawn, the User’s data may be stored in the newsletter database for a period of up to 3 years, in order to demonstrate the User’s consent to communication via the newsletter, User’s actions (opening e-mails) and the moment of its withdrawal, as well as possible including claims, which is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR).

The sending of the newsletter may be discontinued if the User does not show activity for a minimum of 1 year from the start of the newsletter service or the last e-mail message (sent newsletter) was read. In this case, the Administrator will delete the User’s data from the system for sending the newsletter (supplier). The User will not be entitled to receive any message from the Administrator, unless he/she decides to re-subscribe to the Newsletter subscription form or contacts the Administrator in a different way selected for this purpose.

The mailing system used to send the newsletter records all activity and actions taken by the User related to the e-mails sent to him (date and time of opening the message, clicking on links, unsubscribing, etc.).

The administrator may also carry out remarketing on the basis of art. 6 sec. 1 letter. f GDPR (the legitimate interest of the administrator, consisting in the promotion and advertising of services addressed to people subscribed to the newsletter, in such a way that the e-mail addresses of subscribers are uploaded to the marketing tool offered by Facebook Inc. they are advertisements created by the Administrator or authorized persons through the Administrator’s advertising account, provided that the newsletter subscribers are also users of the Facebook platform (they have an account there). Each time these data are deleted after the end of the advertising campaign. the updated subscriber base is loaded into the tool). Detailed information about the so-called groups of non-standard recipients, the rules for data hashing and processing of this data can be found in the privacy policy of Facebook at this link https://www.facebook.com/legal/terms/customaudience# and https://www.facebook.com/legal/terms/dataprocessing, and the Administrator recommends that each User and subscriber read these rules.

Ads on Facebook can also be directed from the Administrator’s business account on the basis of separate personal data processing agreements.

2. Contact form – allows you to send a message to the Administrator and contact him by e-mail. Personal data in the form of first name, last name, e-mail address, phone number and data provided in the message are processed by the Administrator in accordance with this Privacy Policy in order to contact the User.

After contacting you, the data may be archived, which is the legitimate interest of the Administrator. The administrator is not able to specify the exact archiving period and thus the deletion of the message. However, the maximum period will not be longer than the statutory limitation periods.

The Administrator may entrust the processing of personal data to third parties without a separate consent of the User (based on an entrustment agreement). The data obtained from the forms may not be transferred to third parties.

If the User uses the services of external providers, such as Google, he/she should read their privacy policy, available from the providers of these services, on their websites.

§5 EXCLUSION OF LIABILITY AND COPYRIGHT

  1. The content presented on the Website does not constitute specialist (e.g. educational) advice or guidance and does not relate to a specific factual state. If the User wants to get help in a specific matter, he/she should contact the person authorized to provide such advice or the Administrator using the contact details provided. The Administrator is not responsible for the use of the content on the Website or any actions or omissions made on their basis
  2. All content posted on the Website may be subject to the copyright of certain persons and/or the Administrator (e.g. photos, texts, other materials, etc.). The administrator does not consent to copying this content in whole or in part without his express prior consent.
  3. The Administrator informs the User that any dissemination of content made available by the Administrator is a violation of the law and may give rise to civil or criminal liability. The administrator may also claim appropriate compensation for material or non-material losses in accordance with applicable regulations.
  4. The administrator is not responsible for unlawful use of the materials available on the website.
  5. The content on the Website is correct as at the date of posting, unless otherwise indicated.

§6 TECHNOLOGIES

In order to use the Administrator’s website, it is necessary to have:

  1. A device with access to the Internet
  2. An active electronic mailbox that receives e-mails
  3. A web browser that allows you to display websites
  4. Software that allows reading the content in the following formats, e.g. pdf, video, mp3, mp4.

§7 COOKIES POLICY

  1. Like most websites, the Administrator’s Website uses the so-called tracking technologies, i.e. cookies (“cookies”), which allows the Website to be improved in terms of the needs of its visitors.
  2. The website does not automatically collect any information, except for information contained in cookies.
  3. Cookies are IT data, small text files that are stored on the end device, e.g. computer, tablet, smartphone, when the User uses the Administrator’s Website.
  4. These may be own cookies (coming directly from the Administrator’s Website) and third party cookies (from websites other than the Administrator’s Website).
  5. Cookies allow the content of the Administrator’s Website to be adjusted to the individual needs of the User and the needs of other Users visiting it. They also enable the creation of statistics that show how website users use it and how they navigate it. Thanks to this, the Administrator can improve the Website, its content, structure and appearance.
  6. The administrator uses the following third party cookies on the Website:
  7. Facebook pixel and ads created through Facebook, Facebook Ads (Facebook Custom Audiences) – to manage Facebook ads and conduct remarketing activities, which is the legitimate interest of the Administrator. The administrator may also direct advertising content to the User via the Facebook portal as part of contact ads.

The Facebook Pixel tool is provided by Facebook Inc. and its affiliates. It is an analytical tool that helps measure the effectiveness of advertisements, shows what actions are taken by Website Users and helps reach a specific group of people (Facebook Ads, Facebook Insights). The administrator may also direct advertising content to the User via the Facebook portal as part of contact ads.

The administrator may also carry out remarketing on the basis of art. 6 sec. 1 letter. f GDPR (legitimate interest of the administrator, consisting in the promotion and advertising of services addressed to people who have agreed to send offers (or people similar to them or to users who like Fanpage) in such a way that the e-mail addresses provided are loaded to the marketing tool offered by Facebook Inc., the so-called advertising manager, and then an advertisement created by the Administrator or authorized persons is directed to them through the Administrator’s advertising account, provided that these persons are also users of the Facebook platform (they have an account there). These data are deleted each time after the end of the advertising campaign. In the case of another advertising campaign, the updated contact database is loaded into the tool. Detailed information about the so-called groups of non-standard recipients, the rules for data hashing and processing of this data can be found in the privacy policy of Facebook at this link https://www.facebook.com/legal/terms/customaudience# and https://www.facebook.com/legal/terms/dataprocessing, and the Administrator recommends that each User reads these rules.

The information collected as part of the use of Facebook Pixel is anonymous and does not allow for the identification of the User. They show general data about users: location, age, gender, interests. The Facebook provider may combine this information with the information that the User provides to him as part of his Facebook account, and then use it in accordance with his own assumptions and goals.

The administrator recommends getting acquainted with the details related to the use of the Facebook Pixel tool and possibly asking questions to the provider of this tool, as well as managing your privacy settings on Facebook. More information can be found at: https://www.facebook.com/privacy/explanation. At any time, you can opt out of cookies responsible for displaying remarketing ads, e.g. on https://www.facebook.com/help/1075880512458213/.

By using the website, the user consents to the installation of the indicated cookie on his/her end device.

  1. Built-in Google Analytics code – to analyse Website statistics. Google Analytics uses its own cookies to analyze the activities and behavior of the Website Users. These files are used to store information, e.g. from which side the User has found the current website. They help to improve the Website.

This tool is provided by Google LLC. Actions taken as part of the use of the Google Analytics code are based on the Administrator’s legitimate interest in creating and using statistics, which then allows the Administrator’s services to be improved and the Website to be optimized.

As part of using the Google Analytics tool, the Administrator does not process any data of the User that would enable his/her identification.

The administrator recommends getting acquainted with the details related to the use of the Google Analytics tool, the possibility of disabling the tracking code and possibly asking questions to the provider of this tool at the link: https://support.google.com/analytics#topic=3544906.

  1. Social media referral plugins Facebook, LinkedIn.

After clicking on the icon of a given plug-in, the user is sent to the website of an external provider, in this case the owner of a given social network, e.g. Facebook. Then he/she has the option to click “Like” or “Share” and like the Administrator’s fanpage located on Facebook or share its content directly (post, article, video, etc.).

The administrator recommends reading the Facebook privacy policy before creating an account on this portal. The administrator has no influence on the data processed by Facebook. From the moment the User clicks on the button of the plugin referring to social media, personal data is processed by a social networking site, e.g. Facebook, which also becomes their administrator and decides on the purposes and scope of their processing. Cookies left by the Facebook plugin (or other third parties) may also be applied on the User’s device after entering the Website and then associated with data collected on the Facebook portal. By using the Website, the User accepts this fact. The administrator has no influence on the processing of data by third parties in this way.

The above tips should also be applied to the operation:

Facebook – fanpage located at the URL: https://www.facebook.com/TwoColoursAgency,

Account on LinkedIn located at the URL: 

https://www.linkedin.com/company/two-colours-agency.

  1. Tools for assessing the effectiveness of Google Ads advertising campaigns – to conduct advertising and remarketing campaigns, which is the legitimate interest of the Administrator

The administrator does not collect any data that would allow the identification of the User’s personal data. The administrator recommends reading the Google privacy policy in order to learn the details of these functions and their possible deactivation from the level of the User’s browser.

  1. Online calendar

In order to enable the User to sign up for a free consultation, the Administrator provides an online calendar through tools provided by external suppliers: appoint.ly and calendly along with a form facilitating registration for a consultation. In this form, the User indicates his/her data: name, surname, e-mail address, phone number.

These entities use cookies. Details can be found in the privacy policy:

https://appoint.ly/privacy-policy and https://calendly.com/pages/privacy.

7. The Administrator recommends that you read the privacy policy of each of the providers of the above services in order to learn about the possibility of making changes and settings that ensure the protection of User’s rights.

8. The website uses two types of cookies: session cookies, which are deleted after closing the browser, logging out or leaving the website, and permanent cookies, which are stored on the user’s end device, which allows the browser to be recognized the next time you visit the website, for the time specified in cookie parameters or until they are deleted by the User.

9. In many cases, the software used for browsing websites (web browser) allows cookies to be stored on the User’s end device by default. The Website Users can change their cookie settings at any time. These settings can be changed in particular in such a way as to block the automatic handling of cookies in the web browser settings or inform about their every posting in the device of the Website User. Detailed information on the possibilities and methods of handling cookies is available in the software (web browser) settings.

10. The administrator informs that limiting the use of cookies (disabling them, limiting them) may affect some of the functionalities available on the Website’s websites and hinder its functioning.

11. More information on cookies is

available at https://www.allaboutcookies.org or in the “Help” section in the browser’s menu.

 

§8 COOKIE CONSENT

When entering the Website for the first time, the User must consent to cookies or take other possible actions indicated in the message in order to continue to use the content of the Website. By using the Website, you consent. If the User does not want to express such consent – he/she should leave the Website. He/She can also always change his/her browser settings, disable or delete cookies. The necessary information is provided in the “help” tab in the User’s browser.

 

§9 SERVER LOGS

  1. Using the Website involves sending queries to the server on which the Website is stored.
  2. Each query directed to the server is saved in the server logs. Logs include User’s IP address, server date and time, information about the web browser and operating system used by the User.
  3. Logs are saved and stored on the server.
  4. The server logs are used to administer the Website, and their content is not disclosed to anyone except persons and entities authorized to administer the server.
  5. The administrator does not use the server logs to identify the User in any way.

Date of publication of the Privacy Policy: 10/09/2020

Date of last update: 23/12/2020