In order to standardize the meaning of certain terms and to make the text more readable, the phrases and expressions given below have the following meanings in this Policy.

- Administrator – means the entity operating the Website, i.e. EndoMe Sp. z o. o.
ul. Bieniewicka 26, 01-632 Warsaw NIP: 5252837639, and also means the personal data controller, i.e. the entity that independently determines the purposes and means of processing personal data. 

- Use of Personal data – information about a natural person identified or identifiable by one or more specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, online identifier and information collected via cookies and other similar technology. 

- Politics – this Privacy Policy.

- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

- Service – website run by the Administrator at https://endomenowe.pl

- User – any natural person visiting the Website or using one or more services or functionalities described in the Policy.

- Joint Controllers - at least two personal data controllers (within the meaning of Article 4(7) of the GDPR) who jointly determine the purposes and means of processing personal data.

1. SAFETY

1.1. To ensure data security, the Administrator employs appropriate technical measures to prevent unauthorized access and modification of personal data obtained through the Website and submitted via contact forms available on the website, including a secure communication encryption protocol (SSL certificate). An encrypted connection can be identified by two elements: the "https://" character string and the padlock symbol in the browser's browser window.

1.2. The Controller shall take all necessary measures to ensure that its subcontractors and other cooperating entities also guarantee the application of appropriate security measures whenever they process Personal Data on behalf of the Controller. 

2. PURPOSES AND LEGAL BASIS FOR DATA PROCESSING

If you use our website solely for informational purposes, i.e., if you do not use contact forms, subscribe to our newsletter, or otherwise provide us with information, we only collect the data that your browser transmits to our server. Detailed information on the purposes and basis of personal data processing can be found below.

USING THE SERVICE

2.1. Users' personal data, including IP address or other identifiers and information collected via cookies and other similar technologies, are processed by the Controller:

1. a) for analytical and statistical purposes – then the legal basis for processing is the legitimate interest of the Controller (Article 6 paragraph 1 letter f of the GDPR), consisting in conducting analyses of Users’ activities and their preferences in order to improve the functionalities used and the services provided; 
2. b) in order to possibly establish and pursue claims or defend against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6 paragraph 1 letter f of the GDPR), consisting in the protection of its rights; 

2.2. User activity on the Website, including their Personal Data, is recorded in system logs (a program used to store chronological records containing information about events and activities related to the IT system used to provide services by the Administrator). Data collected in this way is used primarily for the administration of the Website. The Administrator also processes it for technical purposes, to ensure the security of the IT system and to manage it. 

CONTACT

2.3. The Website provides the ability to contact the Administrator using contact forms. Using the form requires the provision of Personal Data, which is necessary to contact the User and respond to the inquiry. The User may also provide other data to facilitate contact or process the inquiry. Providing data marked as mandatory is required to accept and process the inquiry, while failure to provide this data will result in the inability to process the inquiry. Providing the remaining data is voluntary. 

2.4. Personal data are processed:

1. to communicate with people who contact us via the contact form or email. We answer questions, provide information, and respond to requests for quotes. This purpose constitutes our legitimate interest as referred to in Article 6(1)(f) of the GDPR.
2. in order to possibly establish and pursue claims or defend against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6, paragraph 1, letter f of the GDPR), consisting in the protection of its rights.

NEWSLETTER

2.5. The Administrator may send the newsletter to individuals who have provided their email address for this purpose. Providing this data is required to send the newsletter, and failure to do so will result in the inability to do so. 

2.6. Personal data are processed:

1. for the purpose of sending commercial information by electronic means, in particular newsletters, the Administrator’s publications informing about the activities and scope of services and offering products and services – the legal basis for processing is the users’ consent (Article 6, paragraph 1, letter a of the GDPR)
2. in order to possibly establish and pursue claims or defend against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6, paragraph 1, letter f of the GDPR), consisting in the protection of its rights.

2.7. Commercial information will be sent only to persons who have consented to receiving commercial information from the Administrator, in accordance with Article 10 paragraph 2 of the Act of 18 July 2002 on the provision of services by electronic means.

2.8. Personal data will be processed until you opt out of receiving commercial information, withdraw your consent to receiving such information or object to the processing of your personal data for marketing purposes.

3. VIDEOS - YOUTUBE

3.1. Our Website may use the function of displaying and playing videos from the provider “YouTube”, which belongs to Google Ireland Limited.

3.2. To ensure your privacy, we use enhanced privacy mode, which, according to the provider, does not initiate the storage of user information until the video file is played. When you start playing embedded YouTube videos, the provider uses YouTube cookies to collect information about user behavior. According to the provider, these cookies are used, among other things, to collect video statistics, improve user-friendliness, and prevent abuse. 

3.3. Once you've logged into your Google account, your information will be directly linked to your account when you click on a video. To prevent your data from being used, log out before clicking the button. Google stores your data (even for users who are not logged in) in the form of usage profiles and evaluates them. This is based on Article 6(1)(f) GDPR, i.e., Google's legitimate interest, which primarily consists of personalized advertising and market research. You have the right to object to the creation of user profiles. To exercise this right, you must contact Google, as the operator of YouTube.

4. SOCIAL MEDIA 

4.1. The Administrator processes the Personal Data of Users visiting the Administrator's social media profiles (Facebook). This data is processed solely for the purpose of maintaining the profile, including to inform Users about the Administrator's activities and to promote various events, services, and products. The legal basis for processing Personal Data by the Administrator for this purpose is its legitimate interest (Article 6, paragraph 1, letter f of the GDPR), consisting in promoting its own brand.

4.2. The information clause and information on joint data control with Facebook Ireland Limited can be found at this link https://www.facebook.com/privacy/explanation .

5. PERSONAL DATA PROCESSING PERIOD

5.1. The period of data processing by the Controller depends on the purpose of the processing. Generally, data is processed until the consent is withdrawn or an effective objection to data processing is raised in cases where the legal basis for data processing is the Controller's legitimate interest. 

5.2. We retain data processed for contact purposes for the time necessary to contact you/answer your questions, and then until the end of the calendar year following the year in which the matter was resolved or the contact ended. We retain correspondence for this period for evidentiary purposes, to secure claims, or to defend against them.

5.3. The data processing period may be extended if processing is necessary to establish, pursue, or defend against potential claims, and after that period only if and to the extent required by law. After the processing period expires, the data is irreversibly deleted or anonymized. 

5.4. Withdrawal of consent by the User does not affect the lawfulness of data processing previously carried out on this basis.

6. RIGHTS OF SERVICE USERS

6.1. The User has the right to access the content of the data and to request its rectification, deletion, restriction of processing, the right to transfer data and the right to object to data processing, as well as the right to lodge a complaint with the President of the Personal Data Protection Office.

6.2. To the extent that the User's data are processed on the basis of consent, this consent may be withdrawn at any time by contacting the Administrator (biuro@lukasiuk.eu). In the case of cookies that require consent, its withdrawal is possible through the functionality offered on the Website.

6.3. The User has the right to object to the processing of data for marketing purposes if the processing is carried out in connection with the legitimate interest of the Controller, and – for reasons related to the specific situation of the User – in other cases where the legal basis for data processing is the legitimate interest of the Controller (e.g. in connection with the implementation of analytical and statistical purposes). 

7. DATA RECIPIENTS

7.1. In connection with the provision of services, Personal Data will be disclosed to external entities, including in particular suppliers responsible for IT services (including hosting, IT services), marketing agencies (in the scope of marketing services), law firms and entities processing data at the request of the Controller, as well as entities associated with the Controller.

7.2. If the User consents, their data may also be made available to other entities for their own purposes, including marketing purposes.

8. DATA TRANSFERS OUTSIDE THE EEA

8.1. The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller generally does not transfer Personal Data outside the EEA.

8.2 The Controller always informs the Controller of its intention to transfer Personal Data outside the EEA at the time of collection. This is done only when necessary and with an adequate level of protection, primarily through:

1. cooperation with entities processing Personal Data in countries for which an appropriate decision of the European Commission has been issued regarding the assurance of an adequate level of protection of Personal Data;
2. use of standard contractual clauses issued by the European Commission;
3. the use of binding corporate rules approved by the relevant supervisory authority;
4. in the event of data transfer to the USA – cooperation with entities participating in the Privacy Shield program Privacy Shield), approved by decision of the European Commission.

9. CONTACT WITH THE ADMINISTRATOR 

9.1. If you wish to contact the Administrator, you can do so via e-mail: info@endome.pl or to the correspondence address: ul. Bieniewicka 26, 01-632 Warsaw. 

9.2. It is also possible to contact the administrator via the contact form located at: https://endomenowe.pl/kontakt/ 

10. PRIVACY POLICY CHANGES

The policy is reviewed on an ongoing basis and updated as necessary.