Privacy and Cookies Policy

1. GENERAL PROVISIONS

1. This Privacy Policy of the Website is for information purposes only, which means that it does not create any obligations for the Users of the Website. The Privacy Policy primarily contains rules concerning the processing of personal data by the Controller by the Website, including the grounds, purposes and duration of personal data processing and the rights of data subjects, as well as information concerning the use of cookies by the Website.
2. The Controller of personal data collected through the Website is Maciej Kuźmiński, pursuing business activity under the name EMA SZKOLENIA MACIEJ KUŹMIŃSKI/NZOZ STOMATOLOGIA RODZINNA MONIKA I MACIEJ KUŹMIŃSCY entered into the Central Registration and Information on Business of the Republic of Poland, maintained by the minister responsible for the economy, having: the business address and address for service: ul. Szyszkowa 60, 95-020 Kraszew, Poland, Polish tax identification number NIP: 7271151890, Polish business identification number REGON: 471110086 and email address: kontakt@endomastersacademy.pl – hereinafter referred to as the "Controller" and who is also a Service Provider on the Website.
3. Personal data on the Website are processed by the Controller in accordance with the applicable legal provisions, in particular, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as "GDPR" or "GDPR Regulation". The official text of the GDPR Regulation: https://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679.
4. The use of the Website, including the conclusion of contracts, is voluntary. Similarly, the related provision of personal data by the Client using the Website is voluntary, subject to two exceptions: (1) conclusion of contracts with the Controller – failure to provide, in the cases and to the extent indicated on the Website and in the Terms and Conditions of the Website and this Privacy Policy, personal data necessary for the conclusion and performance of a Service Contract or another contract with the Controller results in the impossibility of concluding that contract. Providing personal data in such a case is a contractual requirement, and if the data subject wants to conclude a given contract with the Controller, they are obliged to provide the required data. Each time the scope of data required to conclude a contract is indicated beforehand on the Website and in the Terms and Conditions of the Website; (2) the Controller’s statutory obligations – the provision of personal data is a statutory requirement resulting from universally applicable legislation imposing on the Controller the obligation to process personal data (e.g. for the purposes of keeping tax records), and failure to provide such data will prevent the Controller from performing those obligations.
5. The Controller shall exercise due care in order to protect the interests of persons whose personal data are processed by him, and in particular he shall be responsible for and ensure that the data collected by him are: (1) processed lawfully; (2) collected for specified, legitimate purposes and not subjected to further processing incompatible with those purposes; (3) substantively correct and adequate in relation to the purposes for which they are processed; (4) kept in a form which permits identification of data subjects for no longer than is necessary to achieve the purpose of processing; and (5) processed in a way which ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical or organisational measures.
6. Having regard for the nature, scope, context and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of varying probability and seriousness, the Controller shall implement appropriate technical and organisational measures to ensure that the processing is carried out in accordance with the GDPR Regulation and shall be able to demonstrate this. These measures shall be reviewed and updated as necessary. The Controller uses technical measures to prevent unauthorised persons from obtaining and modifying personal data sent electronically.
7. All words, phrases and acronyms appearing in this Privacy Policy and beginning with a capital letter (e.g. Service Provider, Website, Electronic Service) shall be understood as defined in the Website Terms and Conditions available on the Website.

2. GROUNDS FOR DATA PROCESSING

1. The Controller is entitled to process personal data in cases where – and to the extent that – at least one of the following conditions is met: (1) the data subject has given their consent to the processing of their personal data for one or more specified purposes; (2) the processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract; (3) the processing is necessary for compliance with a legal obligation to which the Controller is subject; or (4) the processing is necessary for the purposes of legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
2. The processing of personal data by the Controller requires in each case the existence of at least one of the grounds indicated in point 2.1 of the Privacy Policy. Specific grounds for the processing of personal data of the Website's Users by the Controller are indicated in the next point of the Privacy Policy – with reference to a given purpose of the processing of personal data by the Controller.

3. PURPOSE, BASIS AND DURATION OF DATA PROCESSING BY THE WEBSITE

1. Each time, the purpose, basis and duration, as well as recipients of the personal data processed by the Controller, result from the actions taken by a given User on the Website.
2. The Controller may process personal data on the Website for the following purposes, on the following grounds and for the following duration:
   
   
   

   Purpose of data processing	Legal basis for data processing	Duration of data storage
   Performance of a Service Contract, other contract or taking action at the request of the data subject prior to entering into a contract	Article 6(1)(b) of the GDPR Regulation (performance of a contract) (b) – the processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract	Data shall be stored for the duration necessary for the performance, termination or otherwise expiry of the contract entered into.
   Providing a response to an enquiry sent to the Controller	Article 6(1)(f) of the GDPR Regulation (legitimate interest of the Controller) – the processing is necessary for the purposes arising from the legitimate interests of the Controller – consisting of the necessity to know the content of the enquiry sent by the data subject via the contact form available on the Website, and then, if necessary, respond to that enquiry	The data shall be stored for the time necessary for the Controller to examine the content of the data subject’s enquiry and respond to it, but no longer than for the duration of the legitimate interest pursued by the Controller in relation to the information contained in the enquiry.
   Direct marketing	Article 6(1)(f) of the GDPR Regulation (legitimate interest of the Controller) – the processing is necessary for the purposes arising from the legitimate interests of the Controller – consisting in ensuring the interests and good image of the Controller, their Website and striving to sell services	The data shall be stored for the duration of the legitimate interests pursued by the Controller, however, no longer than the statute of limitation of the Controller’s claims against the data subject on account of the Controller’s economic activity. The statute of limitation shall be determined by the provisions of law, in particular, of the Civil Code (the basic statute of limitation for claims related to business activities is three years). The Controller may not process data for direct marketing purposes in the event of an effective objection by the data subject.
   Running the Newsletter	Article 6(1)(a) of the GDPR Regulation (consent) – the data subject has consented to the processing of their personal data for marketing purposes by the Controller	The data shall be stored until the data subject withdraws their consent to further processing of their data for this purpose.
   Bookkeeping	Article 6(1)(c) of the GDPR Regulation in conjunction with Article 86 § 1 of the Tax Ordinance, i.e. of 17 January 2017 (Journal of Laws of 2017, item 201 as amended) – processing is necessary for the fulfilment of a legal obligation incumbent on the Controller	The data are stored for the period required by legal regulations ordering the Controller to keep tax books (until the expiry of the statute of limitation of tax liability, unless tax acts provide otherwise).
   Establishing, pursuing or defending claims that the Controller may raise or that may be raised against the Controller	Article 6(1)(f) of the GDPR Regulation (legitimate interest of the Controller) – the processing is necessary for the purposes arising from the legitimate interests of the Controller – consisting in determination, assertion or defence of claims which may be raised by the Controller or which may be raised against the Controller	The data shall be stored for the duration of the Controller’s legitimate interest, however not longer than the statute of limitation of claims that may be raised against the Controller (the basic statute of limitation for claims against the Controller is six years).
   Using the Website and ensuring its proper functioning	Article 6(1)(f) of the GDPR Regulation (legitimate interest of the Controller) – the processing is necessary for the purposes arising from the legitimate interests of the Controller – consisting of running and maintaining the Website	The data shall be stored for the duration of the legitimate interests pursued by the Controller, however, no longer than the statute of limitation of the Controller’s claims against the data subject on account of the Controller’s economic activity. The statute of limitation shall be determined by the provisions of law, in particular of the Civil Code (the basic statute of limitation for claims related to business activities is three years).
   Keeping statistics and analysing traffic on the Website	Article 6(1)(f) of the GDPR Regulation (legitimate interest of the Controller) – the processing is necessary for the purposes arising from the legitimate interests of the Controller – consisting of statistics and website traffic analysis in order to improve the functioning of the website and increase the range of provided services	The data shall be stored for the duration of the legitimate interests pursued by the Controller; however, no longer than the statute of limitation of the Controller’s claims against the data subject on account of the Controller’s economic activity. The statute of limitation shall be determined by the provisions of law, in particular, of the Civil Code (the basic statute of limitation for claims related to business activities is three years).

   
   
   

4. RECIPIENTS OF DATA ON THE WEBSITE

1. For the proper functioning of the Website, including the proper provision of Electronic Services by the Controller, it is necessary for the Controller to use the services of external entities (such as software providers, payment processors). The Controller shall only use the services of such processors who provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing meets the requirements of the GDPR Regulation and protects the rights of data subjects.
2. Personal data may be transferred by the Controller to a third country, whereby the Controller shall ensure that, in such case, the transfer will take place to a country ensuring an adequate level of protection - in accordance with the RODO Regulation, and in the case of other countries that the transfer will take place on the basis of standard data protection clauses. The Controller shall ensure that the Data Subject has the opportunity to obtain a copy of their data. The Controller shall transfer the collected personal data only if and to the extent necessary for the fulfilment of the specific purpose of the processing in accordance with this Privacy Policy.
3. Transfer of data by the Controller does not take place in every case and not to all recipients or categories of recipients indicated in the Privacy Policy – the Controller transfers data only if it is necessary for the realisation of a given purpose of personal data processing and only to the extent necessary for its realisation.
4. Personal data of the Website’s Users may be transferred to the following recipients or categories of recipients:
   • entities processing electronic or credit card payments - in the case of a User who uses the electronic or credit card payment method on the Website, the Controller shall make the collected personal data of the User available to a selected entity processing the above payments on the Website at the request of the Controller to the extent necessary to process the payment made by the User.
   • service providers supplying the Controller with technical, IT and organisational solutions enabling the Controller to conduct their business activity, including the Website and Electronic Services provided by their means (in particular, software providers for running the Website, email and hosting providers and providers of business management and technical support software for the Controller) – the Controller shall make the collected personal data of the User available to a selected provider acting on their instructions only if and to the extent necessary for the realisation of a given purpose of data processing in accordance with this Privacy Policy.
   • providers of accounting, legal and advisory services supplying the Controller with accounting, legal or advisory support (in particular, an accounting office, a law firm or a debt collection company) – the Controller shall make the collected personal data of the User available to a selected provider acting on their instructions only if and to the extent necessary for the realisation of a given purpose of data processing in accordance with this Privacy Policy.
     
     

5. PROFILING ON THE WEBSITE

1. The GDPR Regulation imposes an obligation on the Controller to provide information on automated decision-making, including profiling as referred to in Article 22(1) and (4) of the GDPR Regulation, and – at least in these cases – relevant information on the principles of such decision-making, as well as on the significance and foreseeable consequences of such processing for the Data Subject. With this in mind, the Controller provides information on possible profiling in this section of the privacy policy.
2. The Controller may use profiling on the Website for direct marketing purposes, but the decisions taken on its basis by the Controller do not concern the conclusion or refusal of the Service Contract or the possibility of using Electronic Services on the Website. The effect of using profiling on the Website may be, for example, reminding the User about unfinished actions on the Website, sending them a discount or a service proposal that may suit their interests or preferences, or offering better conditions in comparison with the standard offer of the Website. Despite the profiling, it is up to the individual User to decide whether they wish to use, for example, an offer or discount received in this manner.
3. Profiling on the Website consists in the automatic analysis or forecast of a given person’s behaviour on the Website, or through the analysis of previous purchases or history of activities undertaken on the Website. The condition for such profiling is for the Controller to have the personal data of the data subject in order to be able to subsequently send him or her, for example, a discount code or an offer.
4. The data subject shall have the right not to be subject to a decision which is based solely on automated processing, including profiling, and which produces legal effects concerning that person or significantly affects him or her in a similar manner.
   
   

6. RIGHTS OF THE DATA SUBJECT

1. Right of access, rectification, restriction, erasure or transfer – the data subject shall have the right to request from the Controller access to their personal data, their rectification, erasure ("right to be forgotten") or restriction of processing and shall have the right to object to the processing, as well as the right to transfer their data. The detailed conditions for exercising the rights indicated above are indicated in Articles 15-21 of the GDPR Regulation.
2. Right to withdraw consent at any time – the person whose data are processed by the Controller on the basis of expressed consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR Regulation) has the right to withdraw consent at any time without affecting the legality of the processing performed on the basis of consent before its withdrawal.
3. Right to lodge a complaint to the supervisory authority – the person whose data are processed by the Controller has the right to lodge a complaint to the supervisory authority in the manner and mode specified in the provisions of the GDPR Regulation and Polish law, in particular, the Personal Data Protection Act. The supervisory authority in Poland is the President of the Office for Personal Data Protection.
4. Right to object – the data subject shall have the right to object at any time – on grounds relating to their particular situation – to the processing of personal data concerning them based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the controller), including profiling under these provisions. The Controller shall in that case no longer be permitted to process such personal data unless the Controller demonstrates important legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of claims.
5. Right to object to direct marketing – where personal data are processed for the purposes of direct marketing, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, including profiling, insofar as the processing is related to such direct marketing.
6. In order to exercise the rights referred to in this section of the privacy policy, the Controller may be contacted by sending an appropriate message in writing or by email to the address of the Controller indicated at the beginning of the privacy policy.
   
   

7.COOKIES ON THE WEBSITE

1. Cookies are small information in the form of text files sent by a server and stored on the side of a person visiting the Website (e.g. on the hard disk of a computer, laptop or smartphone memory card – depending on the device used by the visitor of the Website). Detailed information on cookies, as well as the history of their creation, can be found here: https://pl.wikipedia.org/wiki/HTTP_cookie.
2. Cookies that may be sent by the Website can be divided into different types, according to the following criteria:
   
   
   
   Based on their provider:
   
   1) own (created by the Controller’s website) and
   2) owned by third parties (other than the Controller)

   
   Based on the duration of their storage on the device of the person visiting the Website:
   
   1) session (stored until logout or leaving the Website or switching off the web browser) and
   2) permanent (stored for a specified period of time, defined by the parameters of each file or until manual removal)

   
   Based on the purpose of their use:
   
   1) necessary (enabling the proper functioning of the Website),
   2) functional/preferential (enabling adjustment of the Website to the visitor’s preferences)
   3) analytical and efficiency (gathering information on the manner of using the Website)
   4) marketing, advertising and social networking (gathering information about the person visiting the Website in order to display personalised advertising to that person and to conduct other marketing activities, including on websites separate from the Website, such as social networking sites)
3. The Controller may process data contained in Cookies when visitors use the Website for the following specific purposes:
   • identifying Clients as logged in to the Website and showing that they are logged in (essential cookies)
   • remembering data from completed forms, surveys or login data to the Website (essential and/or functional/preferential cookies)
   • remembering Training Services added to the electronic shopping cart in order to place an Order (essential cookies)
   • adapting the content of the Website to the individual preferences of the User (e.g. as regards colours, font size, page layout) and optimising the use of the Website (functional/preferential Cookies)
   • conducting anonymous statistics presenting the manner of use of the Website (analytical and efficiency cookies)
4. Checking in the most popular web browsers which Cookies (including the duration of Cookies and their provider) are sent at a given moment by the Website is possible in the following way:
   • In Chrome: (1) in the address bar, click on the padlock icon on the left, (2) go to the "Cookies" tab.
   • In Firefox: (1) in the address bar, click on the shield icon on the left, (2) go to the "Allowed" or "Blocked" tab, (3) click on the box "Tracking cookies between sites", "Social media tracking elements" or "Content with tracking elements"
   • In Internet Explorer: (1) click the "Tools" menu, (2) go to the "Internet Options" tab, (3) go to the "General" tab, (4) go to the "Settings" tab, (5) click the "View Files" box
   • In Opera:(1) in the address bar, click on the padlock icon on the left, (2) go to the "Cookies" tab.
   • In Safari:(1) click on the "Preferences" menu, (2) go to the "Privacy" tab, (3) click on the "Manage site data" box
   • Irrespective of the browser, using the tools available on the website, for example: https://www.cookiemetrix.com/  or:  https://www.cookie-checker.com/
     
     
5. By default, most web browsers on the market accept the storage of cookies. You can determine the conditions for the use of cookies via your browser settings. This means that you can, for example, partially restrict (e.g. temporarily) or completely disable the storage of cookies – in the latter case; however, this may have an impact on certain functionalities of the Website.
6. The settings of the web browser concerning Cookies are important from the perspective of consent to the use of Cookies by the Website – in accordance with the regulations, such consent may also be expressed through the settings of the web browser. Detailed information on changing the cookies settings and their independent deletion in the most popular web browsers is available in the help section of the web browser and on the following sites (just click on the link):
   • in Chrome
   • in Firefox
   • in Internet Explorer
   • in Opera
   • in Safari
   • in Microsoft Edge
     
     
7. The Controller may use Google Analytics and Universal Analytics services on the Website provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). These services help the Controller keep statistics and analyse traffic on the Website. The data collected are processed as part of the above services to generate statistics that help administer the Website and analyse traffic on the Website. The data are of an aggregate nature. The Controller, using the above services on the Website, collects such data as the sources and medium of obtaining visitors to the Website and their behaviour on the Website, information on the devices and browsers from which they visit the Website, IP and domain, geographical data and demographic data (age, gender) and interests.
8. It is possible for a person to easily block the release of information to Google Analytics about their activities on the Website – for this purpose, it is possible, for example, to install a browser add-on provided by Google Ireland Ltd. available here: https://tools.google.com/dlpage/gaoptout?hl=pl.

8. FINAL PROVISIONS

The Website may contain links to other websites. The Controller encourages the users to familiarise themselves with the privacy policy established after having visited other websites. This privacy policy applies only to the Controller’s Website.