Loopie Piotr Pałyga, as the owner of the website loopie.pl, makes every effort to ensure that your privacy is adequately protected. In order to implement lawful (GDPR), transparent, and secure processing of your personal data, we adopt the following privacy policy. Pursuant to art. 13 sec. 1 and 2 of Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (the GDPR) we inform as follows:

§ 1
General information

1. The Data Controller, within the meaning of the provisions under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (OJ EU L 2016, No. 119) (hereinafter referred to as GDPR) is Loopie Piotr Pałyga, Tax ID (NIP): 9591804627, REGON No.: 260441091, e-mail: kontakt@loopie.pl
2. Within the meaning of this Privacy Policy, the User is a natural person using the Data Controller’s websites, including the Data Controller’s contact forms.
3. Contact in matters concerning the processing of personal data by the Data Controller: kontakt@loopie.pl

§ 2
Processing of data by the Data Controller

1. The User entrusts the processing of personal data to the Data Controller to handle recruitment, inquiries, or orders placed via the contact form.
2. Providing personal data by the User when contacting us is voluntary and the data provided will be used (where applicable) solely for the following purposes:
   • Providing responses.
   • Presenting the Data Controller’s offer.
   • Security of the Data Controller’s network systems (e.g.: protection against spam and DDOS attacks).
   • To measure audiences on the web.
   • Employee Recruitment.
3. Expressing consent by providing contact information is voluntary, but in some cases, failure to provide such information may prevent the processing of the inquiry / order submitted via the contact form.

§ 3
The legal basis of data processing by the Data Controller

1. The legal basis for the processing of personal data for the purposes stated in 2.b.a and 2.b.b. is the User’s consent (art. 6. 1. (a) GDPR), and / or art. 6. 1. (b) GDPR when the User expresses the willingness to conclude an agreement.
2. The premise for processing personal data for the purpose stated in 2.b.c is the legitimate interest pursued by the Data Controller (art. 6. 1. f) GDPR) and the legal basis are Recital 49 of the GDPR and the Regulation of the Minister of Internal Affairs and Administration of 29 April 2004 as regards personal data processing documentation and technical and organizational conditions which should be fulfilled by devices and computer systems used for the personal data processing.
3. The premise for processing personal data for the purpose stated in 2.b.d is the legitimate interest pursued by the Data Controller (art. 6. 1. f) GDPR) and the legal basis is Article 8 point 1 d) of the Regulation of the European Parliament and of the Council on the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on privacy and electronic communications).
4. Personal data for the purpose stated in 2.b.e. are processed due to the willingness to conclude an agreement (art. 6. 1. b) GDPR), and the legal basis for the data collected is Art. 221 § 1. Labor Code

§ 4
Scope of processing data by the Data Controller

1. For the purposes indicated in 2.b.a. and 2.b.b., to the extent voluntarily provided by the User, the Data Controller may process:
   • name and surname (contact person)
   • contact phone number
   • contact e-mail address
   • Internet domain address (and possibly other related data provided by the User)
   • other data provided by the User
2. For the purpose outlined in 2.b.c.:
   • IP address
   • meta data sent by the browser (or other end devices connecting to the Data Controller’s website)
3. For the purpose outlined in 2.b.d.:
   • meta data sent by the browser
4. For the purpose outlined in 2.b.e (recruitment) we will ask the applicant to provide information such as full name, date of birth, place of residence (mailing address), education, and previous employment history.
5. Recipients of personal data and transfer of personal data to a third country:
   • The User’s personal data related to the purposes listed in sections 2.b.a. to 2.b.c. and 2.b.e. shall be processed only by the Data Controller.
   • Data related to the purpose of point 2.b.d. will be processed by the Data Controller and the partner, Google Inc. with headquarters in the USA, whose web audience measurement tool (Google Analytics) is used by the Data Controller. This data is anonymous and will not be shared.
   • Google, which performs the web audience measurement service for the Data Controller, has joined the EU-US Privacy Shield agreement, and according to the European Commission’s decision of 12 July 2016 IP/16/216, the transfer of personal data to entities based in the United States that have joined the aforementioned agreement ensures an adequate level of protection for personal data, in accordance with art. 45 of the GDPR;
6. The User’s personal data may be made available to entities from the Data Controller’s capital group and to the Data Controller’s partners with whom the Data Controller cooperates by combining products or services. In the case of entering into cooperation, the data may also be accessed by subcontractors (processors), for example: accounting companies, hosting companies.

§ 5
Rights of the User whose data are processed

1. The User has the right to:
   • access their personal data,
   • correct the personal data,
   • delete the personal data,
   • limit the processing of their personal data,
   • transfer personal data
   • object to the processing of their personal data
   • withdraw previously given consent to the processing of personal data
2. To exercise these rights, the User must send an email to the address provided in 1.a., a letter to the business address provided in 1.a., or contact us by phone at the number provided in 1.a.
3. The Data Controller shall comply with the User’s request without delay, with the stipulation that the deletion or restriction of the possibility to process the data may affect the possibility or scope of properly handling the submitted inquiry/order.

§ 6
Duration of processing personal data by the Data Controller

1. The Data Controller shall store the Users’ personal data for no longer than it is necessary for the handling of the inquiry/order, including the preparation of a personalized trade offer, and to enable the Data Controller to perform its duties.
2. The User may at any time request the deletion of their personal data. In this case, they will be deleted immediately, but this may involve an interruption of service for the submitted request.

§ 7
Information stored in the User’s device (Cookies)

1. To ensure the proper operation of the website, and in particular to adjust the content of the website and advertisements to the User’s preferences, and to optimize the use of the website, the Data Controller may use the capabilities of the end device for processing and storing, and may collect information from the User’s device.
2. The data described in section 1. will be used by the Data Controller only to the extent necessary to provide the services requested by the User and to protect the network systems.
3. The User can decide which data will be sent to the Data Controller by changing the settings of their browser (e.g. by blocking the storage of cookies).
4. The website uses traffic analysis scripts (Google Analytics) provided by Google Inc. based in the USA, (Google Adwords) provided by Google Ireland Limited based in Ireland, (Facebook) provided by Facebook Ireland Ltd. based in Ireland. These scripts may store data (e.g.: cookies) on their end device. The User may object to this by blocking cookies and other data from third-party sites in their browser.
5. Instructions on how to change the settings described in subsections 3 and 4 can be found in the browser’s settings, its user manual, or on the manufacturer’s website.
6. The User may delete cookies at any time by using the features available in the web browser they are using. Limiting the use of cookies may affect some features available on the website.
7. To opt out of displaying personalized Google ads (AdWords and others) based on the use of the website, the User may make appropriate changes to their ad settings using a tool available at https://adssettings.google.pl/authenticated and clear the cookies in their web browser. To opt out of displaying personalized Facebook ads based on the use of the website, the User may make appropriate changes to their ad settings using the instructions indicated on https://www.facebook.com/help/1075880512458213/ and clear the cookies in their browser. To block data collection by analytical tools from Google (Analytics, Optimize and others) and Facebook, the User can disable the acceptance of cookies and data from third-party websites in their browser settings, clear cookies in their web browser, use add-ons to block tools (e.g https://tools.google.com/dlpage/gaoptout/?hl=pl), or use the website in a browser mode without storing information in cookies.
8. for more information on cookies, please visit http://wszystkoociasteczkach.pl/

§ 8
Lodging a complaint

1. The User has the right to object to the processing of their personal data, on the basis of which the Data Controller will cease to process the data in the indicated scope / purpose. To object, send a message as described in section 5.b.
2. The User also the right to lodge a complaint to the supervisory authority, i.e. the President of the Office for Personal Data Protection.

§ 9
Obligations of the Data Controller

1. The Data Controller undertakes to take measures to safeguard the processing of personal data to the extent specified in the Act, and in particular undertakes to:
2. Safeguard data against unauthorized access, removal by an unauthorized person, alteration, damage, or destruction.
3. Allow only individuals with authorization issued by them to process personal data.
4. Ensure control over the correct processing of personal data.
5. Keeping records of persons authorized to process personal data, exercising particular care to ensure that persons authorized to process such data keep them confidential, also after the completion of the Data Controller’s performance, among others by informing them of the legal consequences of breaching data confidentiality and collecting declarations of the obligation to keep the data confidential.
6. Store documentation describing how to process entrusted personal data and technical and organizational measures to ensure the protection of processing this data, in particular: the Register of Data Processing Processes, the Personal Data Security Policy, and the Management Instruction for the Information System used to Process Personal Data.
7. Assurances that the equipment, IT and telecommunication systems used for personal data processing were consistent with the requirements of the Regulation of the Minister of Internal Affairs and Administration of 29 April 2004 as regards personal data processing documentation and technical and organizational conditions which should be fulfilled by devices and computer systems used for the personal data processing.