The following Privacy Policy outlines the rules for storing and accessing data on Users’ Devices when using the Service for the purpose of providing electronic services by the Administrator, as well as the rules for collecting and processing personal data of Users that they have provided personally and voluntarily through the tools available on the Service.

This Privacy Policy is an integral part of the Terms and Conditions of the Service, which defines the principles, rights, and obligations of Users utilizing the Service.

§1 Definitions

• Service – the online service „PORTBS” available at https://portbs.eu
  External Service – the websites of partners, service providers, or customers cooperating with the Administrator
  Service/Data Administrator – the Administrator of the Service and Data (hereinafter the Administrator) is the company „PORTBS”, operating at the address: (address!), with the tax identification number (NIP): (address!), providing electronic services through the Service.
  User – an individual for whom the Administrator provides electronic services through the Service.
  Device – an electronic device with software through which the User accesses the Service
  Cookies – text data collected in the form of files placed on the User’s Device
  GDPR – Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016, regarding the protection of natural persons concerning the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
  Personal Data – information relating to an identified or identifiable natural person („data subject”); an identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as name, identification number, location data, online identifier, or one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural, or social identity of that person
  Processing – means an operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction;
  Restriction of Processing – means marking stored personal data to limit its future processing
  Profiling – means any form of automated processing of personal data, consisting of the use of personal data to evaluate certain personal factors of a natural person, in particular to analyze or predict aspects concerning the effects of that person’s work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements
  Consent – consent of the data subject means a voluntary, specific, informed, and unambiguous indication of the data subject’s wishes, by a statement or clear affirmative action, consenting to the processing of personal data relating to them
  Data Breach – means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed
  Pseudonymization – means the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to prevent identification of the data subject
  Anonymization – means the irreversible process of operations on data that destroys/overwrites „personal data,” preventing identification or linking of a given record to a specific user or individual.

§2 Data Protection Officer

Pursuant to Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer (DPO).

For matters related to data processing, including personal data, please contact the Administrator directly.

§3 Rodzaje Plików Cookies

• Internal Cookies – files placed and read from the User’s Device by the Service’s IT system.
  External Cookies – files placed and read from the User’s Device by the IT systems of external Services. Scripts from external Services that can place Cookies on the User’s Devices have been intentionally embedded in the Service through scripts and services provided and installed on the Service.
  Session Cookies – files placed and read from the User’s Device by the Service during a single session of the Device. After the session ends, the files are deleted from the User’s Device.
  Persistent Cookies – files placed and read from the User’s Device by the Service until they are manually deleted. These files are not automatically deleted after the Device session ends unless the User’s Device configuration is set to delete Cookie files after the session ends.

§4 Data Storage Security

• Mechanisms for Storing and Reading Cookie Files – The mechanisms for storing, reading, and exchanging data between Cookies stored on the User’s Device and the Service are implemented through the built-in mechanisms of web browsers. These mechanisms do not allow for the retrieval of other data from the User’s Device or from websites visited by the User, including personal data or confidential information. It is also practically impossible to transfer viruses, Trojan horses, or other worms onto the User’s Device.

  Internal Cookies – The cookies used by the Administrator are secure for Users’ Devices and do not contain scripts, content, or information that could pose a threat to the security of personal data or the security of the Device used by the User.

  External Cookies – The Administrator takes all possible actions to verify and select service partners in the context of User security. The Administrator collaborates with trusted, large partners with global social trust. However, the Administrator does not have full control over the content of cookies from external partners. The Administrator is not responsible for the security of external cookies, their content, or their licensed use by installed scripts from external Services, to the extent permitted by law. A list of partners is provided in the later part of this Privacy Policy.

  Control of Cookie Files
  The User can change the settings regarding the saving, deletion, and access to the data stored in cookies by any website at any time.

  Information on how to disable cookies in the most popular web browsers can be found on the following pages:

  • Managing cookies in Chrome
  • Managing cookies in Opera
  • Managing cookies in Firefox
  • Managing cookies in Edge
  • Managing cookies in Safari
  • Managing cookies in Internet Explorer 11

  The User can delete all cookies stored so far using the tools of the Device they are using to access the Service.

  User-side Threats – The Administrator employs all possible technical measures to ensure the security of data stored in cookie files. However, it should be noted that ensuring the security of this data depends on both parties, including the User’s activities. The Administrator is not responsible for the interception of this data, session hijacking, or its deletion due to the intentional or unintentional actions of the User, viruses, Trojan horses, or other spyware that the User’s Device may have been infected with. Users should follow recommended practices for using the internet to protect themselves from these threats.

  Personal Data Storage – The Administrator ensures that every effort is made to keep personal data provided voluntarily by Users secure, with access limited and in accordance with its intended purpose and processing goals. The Administrator also takes all measures to protect the stored data from loss by using appropriate physical and organizational safeguards.

§5 Purposes for Which Cookies Are Used

• Improving and Facilitating Access to the Service
• Personalization of the Service for Users
• Enabling Login to the Service
• Marketing, Remarketing on External Websites
• Ad Serving Services
• Affiliate Services
• Conducting Statistics (users, number of visits, types of devices, connection, etc.)
• Serving Multimedia Services
• Providing Social Media Service

§6 Purposes of Processing Personal Data

Personal data voluntarily provided by Users are processed for one of the following purposes:

• Provision of electronic services:
  • Services for registering and maintaining the User’s account in the Service and related functionalities.
  • Newsletter services (including sending advertising content with consent).
  • Services for sharing information about content posted in the Service on social media or other websites.
  • Communication between the Administrator and Users on matters related to the Service and data protection.
  • Ensuring the legitimate interests of the Administrator.

Data about Users collected anonymously and automatically are processed for one of the following purposes:

• Conducting statistics
• Remarketing
• Serving ads tailored to User preferences
• Managing affiliate programs
• Ensuring the legitimate interests of the Administrator

§7 Cookies of External Services

The Administrator of the Service uses JavaScript scripts and web components from partners who may place their own cookies on the User’s Device. Please note that in your browser settings, you can decide which cookies are allowed to be used by individual websites. Below is a list of partners or their services implemented in the Service that may place cookies:

Multimedia Services: Social / Integrated Services: (Registration, Login, sharing content, communication, etc.)

• Twitter
• Facebook
• Google+

Newsletter Services:

• MailChimp

Advertising Services and Affiliate Networks:

• MyLead

Statistics Management:

• Google Analytics

Services provided by third parties are beyond the control of the Administrator. These entities can change their terms of service, privacy policies, the purpose of data processing, and the ways in which cookies are used at any time.

§8 Types of Collected Data

The Service collects data about Users. Some of the data is collected automatically and anonymously, while other data consists of personal information voluntarily provided by Users during registration for the various services offered by the Service.

Automatically collected anonymous data:

• IP address
• Browser type
• Screen resolution
• Approximate location
• Pages visited within the service
• Time spent on a specific page of the service
• Operating system type
• Address of the previous page
• Referring URL
• Browser language
• Internet connection speed
• Internet service provider

Data collected during registration:

• First name / last name / nickname
• Username
• Email address
• IP address (automatically collected)

Data collected during subscription to the Newsletter service:

• First name / last name / nickname
• Email address
• IP address (automatically collected)

Data collected when leaving a comment:

• First name / last name / nickname
• Email address
• Website URL
• IP address (automatically collected)

Some of the data (excluding identifying data) may be stored in cookies. Some of the data (excluding identifying data) may be shared with a statistical service provider.

§9 Access to Personal Data by Third Parties

As a rule, the only recipient of personal data provided by Users is the Administrator. Data collected in the course of providing services is not transferred or resold to third parties.

Access to the data (usually based on a Data Processing Agreement) may be granted to entities responsible for maintaining the infrastructure and services necessary to operate the Service, such as:

• Hosting companies that provide hosting or related services for the Administrator
• Companies through which the Newsletter service is provided

Data Processing Agreement – Newsletter

For the purpose of providing the Newsletter service, the Administrator uses the services of a third party – the MailChimp service. The data entered in the newsletter subscription form are transferred, stored, and processed by this external service provider.

Please note that the indicated partner may modify the privacy policy without the Administrator’s consent.

Data Processing Agreement – Hosting Services, VPS, or Dedicated Servers

For the purpose of operating the Service, the Administrator uses the services of an external hosting provider, VPS, or Dedicated Servers – az.pl. All data collected and processed within the Service are stored and processed in the service provider’s infrastructure located in Poland. There is a possibility of access to the data due to maintenance work performed by the service provider’s personnel. Access to these data is governed by the agreement between the Administrator and the Service Provider.

§10 Method of Processing Personal Data

Personal Data Provided Voluntarily by Users:

• Personal data will not be transferred outside the European Union, unless it has been published due to the individual actions of the User (e.g., posting a comment or entry), which makes the data available to anyone visiting the service.
• Personal data will not be used for automated decision-making (profiling).
• Personal data will not be sold to third parties.

Anonymous Data (without Personal Data) Collected Automatically:

• Anonymous data (without personal data) may be transferred outside the European Union.
• Anonymous data (without personal data) will not be used for automated decision-making (profiling).
• Anonymous data (without personal data) will not be sold to third parties.

§11 Legal Basis for the Processing of Personal Data:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR):

  • Article 6(1)(a): The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Article 6(1)(b): Processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract.
  • Article 6(1)(f): Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.

• The Act of May 10, 2018, on the protection of personal data (Journal of Laws 2018, item 1000)

• The Act of July 16, 2004, Telecommunications Law (Journal of Laws 2004, No. 171, item 1800)

• The Act of February 4, 1994, on Copyright and Related Rights (Journal of Laws 1994, No. 24, item 83)

§12 Period of Processing Personal Data

Personal Data Provided Voluntarily by Users:

As a rule, the personal data provided by users are stored only for the duration of the service provision within the framework of the Service by the Administrator. These data will be deleted or anonymized within 30 days from the end of the service provision (e.g., account deletion, unsubscribing from the newsletter, etc.).

An exception occurs when it is necessary to secure legally justified purposes for the continued processing of these data by the Administrator. In such a case, the Administrator will store the specified data, until the user requests their deletion, for no longer than 3 years in case of a violation or suspicion of violation of the service terms by the user.

Anonymous Data (Non-Personal Data) Collected Automatically:

Anonymous statistical data, which do not constitute personal data, are stored by the Administrator for the purpose of conducting site statistics for an indefinite period.

§13 User Rights Related to Personal Data Processing

Service collects and processes User data based on:

1. Right of Access to Personal Data
   Users have the right to obtain access to their personal data upon request submitted to the Administrator.

2. Right to Rectify Personal Data
   Users have the right to request the Administrator to promptly rectify any inaccurate or incomplete personal data upon request.

3. Right to Erasure of Personal Data
   Users have the right to request the immediate deletion of their personal data, which will be carried out upon request submitted to the Administrator. For user accounts, data deletion involves anonymizing the data that can identify the User. The Administrator reserves the right to withhold the implementation of the data erasure request to protect the legitimate interests of the Administrator (e.g., if the User has violated the Terms of Service or if the data was obtained through correspondence).
   In the case of the Newsletter service, Users have the option to delete their personal data themselves by using the link provided in each email message sent.

4. Right to Restriction of Personal Data Processing
   Users have the right to request the restriction of processing their personal data in cases specified in Article 18 of the GDPR, e.g., if they dispute the accuracy of the data.

5. Right to Data Portability
   Users have the right to request the Administrator to provide their personal data in a structured, commonly used, machine-readable format.

6. Right to Object to the Processing of Personal Data
   Users have the right to object to the processing of their personal data in cases specified in Article 21 of the GDPR.

7. Right to Lodge a Complaint
   Users have the right to file a complaint with the supervisory authority responsible for personal data protection.

8. Right to Object to Data Processing Based on Legitimate Interest
   Users have the right to object to the processing of their personal data that is based on the legitimate interest of the Administrator.

9. Right to Withdraw Consent
   In cases where User data is processed based on consent, the User has the right to withdraw consent at any time by contacting the Administrator via email at michal@portbs.eu.

§14 Recipients of Personal Data

In connection with the provision of services, personal data will be disclosed to external entities, including, in particular, IT service providers that enable the proper use of the Service.

With the User’s consent, their data may also be shared with other entities for their own purposes, including marketing purposes.

The Administrator reserves the right to disclose selected information about the User to the relevant authorities or third parties that request such information, based on a proper legal basis and in accordance with applicable law.

§15 Transfer of Personal Data Outside the EEA

Level of Protection of Personal Data Outside the European Economic Area

The level of protection of personal data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator only transfers personal data outside the EEA when it is necessary, and ensures an appropriate level of protection, primarily through:

• Cooperation with data processors in countries for which the European Commission has issued a decision confirming the adequacy of the protection of personal data;
• Using Standard Contractual Clauses issued by the European Commission;
• Applying Binding Corporate Rules approved by the competent supervisory authority.

The Administrator always informs about the intention to transfer personal data outside the EEA at the stage of data collection.

§16 Contact with Administrator

You can contact the Administrator in one of the following ways:

• Postal Address – (address!)
• Email Address – michal@portbs.eu
• Phone – +48 535 878 988
• Contact Form – available at: /kontakt

§17 Service Requirements

• Limitation of Cookie Storage and Access on the User’s Device

  Limiting the storage and access of cookies on the User’s device may result in certain functions of the Service not working correctly. The Administrator is not responsible for any malfunctioning features of the Service if the User restricts, in any way, the ability to store and read cookies.

  §18 External Links

  The Service – in articles, posts, entries, or comments by Users – may contain links to external websites with which the Service Owner does not cooperate. These links, as well as the pages or files they lead to, may pose a risk to your Device or compromise the security of your data. The Administrator is not responsible for the content found outside of the Service.

§19 Changes to the Privacy Policy

• The Administrator reserves the right to modify this Privacy Policy at any time without the need to inform Users about changes related to the use of anonymous data or the use of Cookies.

  The Administrator also reserves the right to change this Privacy Policy regarding the processing of Personal Data. Users who have accounts or are subscribed to the newsletter will be notified of these changes by email within 7 days of the modification. Continued use of the services indicates that the User has reviewed and accepted the changes made to the Privacy Policy. If the User disagrees with the changes, they are required to delete their account from the Service or unsubscribe from the Newsletter service.

  The changes made to the Privacy Policy will be published on this subpage of the Service.

  The changes will come into effect upon their publication.