Privacy Policy

I respect your privacy and exercise due care to protect your personal data.

This document provides you with information on how I process your personal data and for what purposes I use it in connection with my business activities.

This Privacy Policy is based on the applicable data protection laws.

It sets out the principles, purposes, and legal bases for the processing of your data, the rights to which you are entitled in relation to the personal data you provide, and informs you about the applicable legal provisions protecting your personal data.

Please read this Privacy Policy carefully before you start using my Services.

I. DEFINITIONS

1. Controller – Kinga Miśkiewicz conducting business activity under the name Prisma Digital Atelier Kinga Miśkiewicz, Tax Identification Number (NIP): 7331366649, Niesułków Kolonia 59A, 95-010 Stryków,
2. EEA – the European Economic Area; a free trade zone and common market comprising the Member States of the European Union and the European Free Trade Association (EFTA), excluding Switzerland,
3. Newsletter – a service consisting in the Controller sending, to the provided e-mail address, information regarding the Controller’s activities, offered services, products, or content available on the Website,
4. Cookies – IT data, in particular text files stored on the end device of the Website User. They enable the storage of preferences, facilitate the use of the Website, and allow for the collection of anonymous statistical data,
5. Privacy Policy – this document,
6. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC; these are legal provisions governing the principles of personal data processing and the related rights and obligations,
7. Website – the website available at www.prismaatelier.com and all its subpages,
8. Services – any product, service, content, functionality, technology, or feature, as well as all related websites and applications that I offer to you, whether on a continuous or occasional basis,
9. User – any person visiting the Website, the social media accounts operated by the Controller, or using the Services offered by the Controller via the Website.

II. BASIC INFORMATION

1. I am the Controller within the meaning of the GDPR in relation to the personal data of Users who are natural persons.
2. The Controller determines the purposes and means of processing Users’ personal data independently and on its own responsibility. I do not have a Data Protection Officer.
3. If you have any questions or doubts regarding how your personal data is protected, please contact: kinga@prismaatelier.com or contact@kingamiskiewicz.com, Kinga Miśkiewicz, Niesułków Kolonia 59A, 95-010 Stryków.
4. Personal data means any information that may be used to identify a natural person, such as first and last name, telephone number, e-mail address, or correspondence address.
5. The terms “process” or “processing” mean any operations or sets of operations performed on your personal data (e.g. storing or analysing it for the purpose of providing services).
6. By clicking links on the Website, you may be redirected to websites or services provided by entities other than the Controller and therefore beyond any direct or indirect control of the Controller, where the processing of data, including the collection of personal data, is carried out in accordance with the rules established by those entities, e.g. in the privacy policy applicable to such services or applications. The Controller recommends that you review the terms and privacy policies adopted by those entities.
7. The Controller maintains business profiles on social media platforms such as Facebook, Instagram, YouTube, Pinterest, TikTok, and LinkedIn. Social media plugins directing to social networking sites are used on the Website. The rules of data processing on social media profiles depend on their providers. The Controller recommends that you review the terms and privacy policies adopted by those entities.

III. COLLECTION OF PERSONAL DATA

1. Collection of personal data directly from the User

   1) The Website offers the possibility to contact the Controller via e-mail, as well as through functionalities such as a contact form on the Website and the option to schedule an online consultation.

   2) In the case of contact using the means referred to in section 1 above, I collect all information that you decide to provide during the conversation or in the course of correspondence with me.

1.  

2. Data collected automatically

1. 1. While using the Website, the following information is automatically collected:

      a) device data – I collect information regarding the device you use, such as the operating system version and unique identifiers,

      b) location information – depending on the privacy settings of your device, I automatically collect and process information about your current location. To determine your location, I use various technologies, including IP address, GPS, Wi-Fi access points, and cellular network base stations,

      c) log data – I collect technical details, including the Internet Protocol (IP) address of your device, information about time zone and operating system. I also store information about your log-in activity and the type and version of the web browser you use,

      d) Website activity data – I collect information regarding your activity on the Website, in particular information about the pages from which you are redirected to my Website, the date of each visit, your search results, the duration of your visit on the Website, as well as the order in which individual sections (subpages) of my Website are visited,

      e) cookies – the Website uses Cookies. More information regarding the purposes and methods of using Cookies is provided in the further part of the Privacy Policy.

3. Personal data obtained from third parties or publicly available sources

I do not exclude the possibility that I may also obtain your personal data in other ways, including:

a) obtaining certain technical information and usage-related data from analytics service providers (e.g. Google, Facebook),

b) obtaining address and contact data related to business activities from publicly available registers (e.g. Central Registration and Information on Business, National Court Register), publicly available social media accounts, websites you operate, blogs, etc.,

c) other Users, to the extent they correspond with me regarding the Services (e.g. an e-mail inquiry regarding a matter previously agreed with you, and then referring to those matters – including personal data – by a third party).

4. Collection of personal data from children

The Services are not directed to children under 16 years of age. If I determine that data of a person under 16 years of age has been provided without parental/guardian consent, such data will be deleted.

IV. PURPOSES AND LEGAL BASES FOR THE PROCESSING OF PERSONAL DATA

Your personal data will be processed only where it is lawful to do so under applicable law:

1) on the basis of consent (Article 6(1)(a) GDPR)

The data will be processed on the basis of your freely given consent, in particular for the purposes of:

a) the use of Cookies for the proper functioning of the Website and its subpages, as well as for collecting data from the Website,

b) subscription to and sending of the Newsletter,

c) submitting reviews regarding the Services,

d) sending marketing information regarding the Services,

e) sending commercial offers by electronic means.

On this basis, I process such data as: first name, last name, IP address, and e-mail address.

Consent may be withdrawn at any time, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.

2) due to necessity for the performance of a contract or to take steps prior to entering into a contract (Article 6(1)(b) GDPR)

The data will be processed to the extent necessary for:

a) responding to inquiries submitted via the contact form,

b) sending offers of Services,

c) performance of the Service or fulfilment of a concluded contract,

d) acceptance and processing of orders in the online store,

e) payment processing,

f) provision of consultations,

g) handling complaints or withdrawal from a contract.

On this basis, I process such data as: first name, last name, e-mail address, contact details, address details, billing address, telephone number, Tax Identification Number (NIP), and bank account details.

Providing the data is voluntary, but necessary for the conclusion and performance of the contract.

3) due to the necessity of compliance with a legal obligation incumbent on the Controller (Article 6(1)(c) GDPR)

The data may be processed for the purpose of fulfilling obligations arising from legal provisions, in particular:

a) demonstrating compliance with obligations under the GDPR, including the creation of registers, records, and other documentation,

b) issuing invoices and fulfilling tax and accounting obligations,

c) handling complaints or withdrawal from a distance contract.

On this basis, I process such data as: first name, last name, e-mail address, contact details, address details, billing address, telephone number, Tax Identification Number (NIP), and bank account details.

4) based on the legitimate interest of the Controller (Article 6(1)(f) GDPR)

The data may be processed on the basis of the Controller’s legitimate interest, consisting in:

a) pursuing or defending against potential claims,

b) conducting statistics and analyses regarding the functioning of the Website, analysing Users’ activity on the Website and Users’ preferences,

c) ensuring the security of the Website and its management, including improving its functionality and performance,

d) contacting you,

e) creating databases,

f) managing the account on the Instagram social media platform under the name [*] and interacting with users of this platform,

g) managing the account on the LinkedIn social media platform under the name [*] and interacting with users of this platform,

h) managing the account on the TikTok social media platform under the name [*] and interacting with users of this platform,

i) managing the account on YouTube under the name [*] and interacting with users of this platform,

j) managing the account on Pinterest under the name [*] and interacting with users of this platform,

k) managing the page on the Facebook social media platform under the name [*] and interacting with users of this platform,

l) conducting satisfaction surveys regarding the offered Services and collecting reviews,

m) archiving correspondence for evidentiary purposes.

On this basis, I process such data as: first name, last name, e-mail address, contact details, address details, billing address, telephone number, Tax Identification Number (NIP), bank account details, IP address, profile name, profile picture, content of posts and comments.

V. USER RIGHTS

1. You have the following rights in relation to your personal data:

   1) right of access to personal data – the right to request information regarding the processing of personal data. The right of access allows you to verify for what purposes and on what legal bases I process your data,

   2) right to rectification of personal data – this right enables you to request the correction of inaccurate data or the completion of incomplete data,

   3) right to erasure of personal data – this right enables you to request the deletion of your personal data if they are no longer necessary for the purposes for which they were collected,

   4) right to obtain a copy – you have the right to obtain a copy of the personal data being processed,

   5) right to restriction of processing of personal data – this right allows you to request the Controller to suspend the processing of your personal data in the following situations: (i) when you contest the accuracy of the data; (ii) when the processing is unlawful but you do not want the data erased; (iii) when the Controller no longer needs the personal data for processing purposes, but they are required by you for the establishment, exercise, or defence of legal claims; (iv) when you have objected to the processing, but I need to verify whether I still have overriding legitimate grounds to continue processing your personal data,

   6) right to object – you have the right to object at any time to the processing of your personal data in the following cases:

   a) for reasons related to your particular situation, where processing is based on legitimate interest for purposes other than marketing (Article 6(1)(f) GDPR),

   b) to the processing of data for marketing purposes, without the need to justify such objection.

   7) right to data portability – you have the right to receive your personal data in a structured, commonly used, and machine-readable format, enabling its electronic transfer, provided that the data are processed by automated means on the basis of a contract or consent. You may also request that such data be transmitted directly to another entity, where technically feasible,

   8) right to withdraw consent – where you have given me consent to process your personal data, you have the right to withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal. Consent may be withdrawn by sending a request to the e-mail address indicated in Part II, section 3 of the Privacy Policy,

   9) right to lodge a complaint – if you believe that the processing of your personal data violates the GDPR or other applicable data protection laws, you have the right to lodge a complaint with the supervisory authority competent for data protection matters. In Poland, the supervisory authority is the President of the Personal Data Protection Office (Urząd Ochrony Danych Osobowych), Stanisława Moniuszki 1A Street, 00-014 Warsaw.

2. In order to exercise your rights, please contact me via e-mail at: kinga@prismaatelier.com or contact@kingamiskiewicz.com or by traditional mail at the following address: Kinga Miśkiewicz, Niesułków Kolonia 59A, 95-010 Stryków. As a rule, the exercise of rights is free of charge – there is no requirement to pay a fee for exercising the right of access to your personal data (or any other rights). However, I may charge a reasonable fee or refuse to act on the request if the request is manifestly unfounded or excessive, in particular due to its repetitive nature.
3. I make every effort to respond to all legally justified requests within one month. In the case of a complex nature of the request or a large number of requests, this period may be extended by a further two months, in which case you will be informed thereof together with the reasons for the delay.

VI. RECIPIENTS OF PERSONAL DATA

1. Your data may be disclosed to external entities whose services I use in connection with conducting my business activity, as well as operating the Website and social media profiles. I may share your personal data with the following categories of recipients:

   1) third-party service providers – I use the services of third parties that assist me in delivering specific solutions related to my Services, e.g. data storage in the cloud, hosting providers, and entities providing marketing campaign services on my behalf. Such service providers may be established both within the European Economic Area (“EEA”) and outside it,

   2) marketing and analytics service providers – in order to improve the Services, I may share information about you in a form that does not enable identification of Users with analytics service providers that help me analyse how Users use my Website. For the purposes of monitoring and reporting the effectiveness of my business partners’ campaigns, as well as for internal business analysis, I share information with them in a form that does not enable identification of Users,

   3) law enforcement authorities, supervisory authorities and others – I may disclose your personal data to law enforcement authorities, supervisory authorities, public authorities, entities performing public tasks or acting on behalf of public authorities, as well as other third parties. Such disclosure takes place in connection with the fulfilment of legal obligations.

2. The main recipients of data are:

   1) HOSTINGER Operations, UAB, Švitrigailos str. 34, Vilnius 03230, Lithuania – an entity providing hosting services for the Website, technical support, storage of data collected on the server, and e-mail service handling,

   2) Agnieszka Sobala, conducting business activity under the company name Firma Usługowa Agpit Agnieszka Sobala, ul. Olszynowa 16G/2, 62-020 Rabowice, Poland – an entity providing accounting services,

   3) mBank S.A., ul. Prosta 18, 00-850 Warsaw, Poland – an entity providing an invoicing system,

   4) Zencal sp. z o.o., ul. Mogilska 65, 31-545 Kraków, Poland – an entity providing a service used for scheduling and conducting online consultations via a web browser,

   5) MailerLite Limited, Ground Floor, 71 Lower Baggot Street, Dublin 2, D02 P593, Ireland – an entity providing a system for sending the Newsletter,

   6) PayU S.A., ul. Grunwaldzka 186, 60-166 Poznań, Poland – an entity providing fast online payment services,

   7) PayPro S.A., ul. Pastelowa 8, 60-198 Poznań, Poland – an entity providing an online payment system, handling payments via Przelewy24, BLIK, payment cards, Apple Pay, and Google Pay,

   8) Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Dublin 2, D02 XW14, Ireland – an electronic payment service provider enabling transaction processing in the online store,

   9) Pinterest Europe Ltd., Waterloo Exchange, 3rd Floor, Waterloo Road, Dublin 4, Ireland – an entity providing the Pinterest platform on which the social media profile is maintained,

   10) Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland – an entity providing cloud storage and document editing services (Microsoft 365 / OneDrive),

   11) Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02X525, Ireland – an entity providing the platform on which the Instagram social media profile and the Facebook page (fanpage) are maintained, as well as the Meta Pixel tool,

   12) LinkedIn Ireland Unlimited Company, Legal Dept. (Privacy Policy and User Agreement), Wilton Place, Dublin 2, Ireland – an entity providing the platform on which the social media profile is maintained,

   13) Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland – an entity providing Website security tools, analytics tools (Google Analytics), and advertising tools (Google Ads),

   14) Canva Pty Ltd., 110 Kippax Street, Surry Hills NSW 2010, Australia – provider of the Canva service (graphic design software),

   15) Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA – an entity providing the WordPress content management system (CMS) used for website creation, as well as the WooCommerce plugin enabling the operation of an online store,

   16) Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA – an entity providing e-mail services, cloud document storage, and the YouTube platform,

   17) Manychat, 535 Mission St., San Francisco, California 94105, USA – an entity providing automation systems used on social media platforms,

   18) Adobe Inc., 345 Park Avenue, San Jose, CA 95110-2704, USA – a provider of software for viewing and creating PDF documents and designing graphic materials.

VII. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

1. Your personal data may be transferred to countries outside the EEA only where necessary, for example in connection with the use of services provided by international entities (e-mail marketing systems, analytics tools, payment operators, hosting providers). The level of protection of personal data in third countries may differ from the level of protection applicable within the EEA.
2. In such cases, legal mechanisms ensuring an adequate level of protection of personal data are applied, in particular:

   1) transfer of data to countries in respect of which the European Commission has issued a decision confirming an adequate level of data protection,

   2) application of appropriate safeguards required under the GDPR, in particular mechanisms referred to in Article 46 GDPR, such as:

   a) standard contractual clauses adopted by the European Commission (Standard Contractual Clauses),
   b) binding corporate rules (Binding Corporate Rules) approved by the competent supervisory authority,

   3) other appropriate safeguards provided for under the GDPR.

3. In exceptional cases, data may also be transferred outside the EEA on the basis of your explicit consent, where no other legal basis for such transfer exists.
4. Further information regarding the rules for transferring data outside the EEA can be obtained here or by contacting the Controller.

VIII. RETENTION PERIOD AND PLACE OF STORAGE OF PERSONAL DATA

1. The data I collect about you will be stored and processed both within the EEA and outside it, on appropriately secured servers.
2. I store your data for as long as it is necessary to achieve the purposes for which it was collected, taking into account the legal basis for processing:

   1) on the basis of a concluded contract or steps taken prior to entering into a contract – data are stored for the duration of the contract, and after its termination for the period necessary for settlement purposes and potential defence against claims. Data processed for the purpose of establishing, pursuing, or defending claims are stored for the limitation period of such claims (6 years for consumers, 3 years for entrepreneurs),

   2) on the basis of a legal obligation – data are stored for the period required by law, including tax, accounting, and GDPR regulations,

   3) on the basis of consent – data are processed until consent is withdrawn or until the expiry of the period indicated at the time consent is given,

   4) on the basis of the Controller’s legitimate interest – data are processed until the purpose of processing is achieved or until you object to such processing (Article 21 GDPR),
   
   5) technical and administrative data:

   a) data related to website administration or analytical purposes – until they become outdated or cease to be useful,
   b) Cookies data – for the duration of the cookies’ lifecycle or until they are deleted by the User,

   6) Newsletter and marketing – data processed in connection with Newsletter subscription are stored for the duration of the Newsletter service or until consent is withdrawn,

   7) forms and website functionalities:

   a) data from the contact form – for the period necessary to handle the request or inquiry,
   b) data from the review or comment forms – for the duration of the Website’s existence,
   c) data related to social media platforms (Facebook, Instagram, TikTok, YouTube, Pinterest, LinkedIn) – for the duration of existence of groups, accounts, or business pages on the respective platform.

IX. REQUIREMENT TO PROVIDE DATA

1. The provision of personal data is voluntary; however, in certain cases it may be necessary for the conclusion or performance of a contract, to respond to an inquiry, to provide the Services, or to use specific Website functionalities.
2. Where the processing of data is necessary for the conclusion or performance of a contract, failure to provide such data may prevent the conclusion of the contract or the provision of the Service.
3. The provision of data required by law (e.g. in connection with tax or accounting obligations) is mandatory – failure to provide such data may prevent the fulfilment of obligations arising from legal provisions.
4. In the case of data processed on the basis of consent, their provision is voluntary, and consent may be withdrawn at any time without affecting the lawfulness of processing carried out prior to its withdrawal.

X. ORGANISATIONAL AND TECHNICAL MEASURES AND SECURITY OF PERSONAL DATA PROCESSING

1. The information I obtain about you, including information containing personal data, is stored on appropriately secured servers.
2. In order to ensure the security of personal data processing, appropriate and necessary technical and organisational measures have also been implemented to protect personal data. In particular, I ensure that the personal data I process are:

   1) processed in compliance with applicable law,
   2)collected only for specified purposes and not further processed in a manner incompatible with those purposes,
   3) adequate and limited to what is necessary in relation to the purposes for which they are processed,
   4) accurate and, where necessary, kept up to date,
   5) stored no longer than is necessary for the purposes of processing,
   6) properly secured against unauthorised access, loss, or destruction,
   7) not transferred to a country outside the EEA without adequate protection.

3. Despite the use of appropriate data protection measures, please note that the transmission of information via the Internet or publicly accessible networks can never be considered completely secure, and there is a risk that unauthorised third parties may gain access to your personal data.

XI. AUTOMATED DATA PROCESSING AND PROFILING

1. I may analyse the personal data of Newsletter subscribers, the manner of use of the Website, transaction history carried out within it, and users’ activity on my social media profiles (e.g. on Instagram, Facebook, YouTube, Pinterest, TikTok, LinkedIn).
2. This analysis may be carried out in an automated manner using tools provided by service providers, such as the Newsletter mailing system or the owners of social media platforms. However, such processing does not result in decisions being taken about you that produce legal effects or otherwise significantly affect your situation, rights, or freedoms.
3. The processing of data in this manner is primarily intended to better understand users’ preferences and to tailor the content, communications, and offers I create to the interests of recipients.

XII. COOKIE POLICY

1. The Website uses Cookies and similar tracking technologies for the purposes of:

   1) ensuring the security and proper functioning of the Website,
   2) providing Services offered electronically and improving their quality,
   3) analysing how the Website is used and improving its functionality,
   4) tailoring content and offers to your preferences,
   5) remembering Cookie preferences,
   6) conducting marketing activities, including displaying personalised advertisements,
   7) connecting with social media platforms.

2. Cookies are IT data, in particular text files stored on the end device of the Website User (computer, tablet, phone). They enable the storage of your preferences, facilitate the use of the Website, and allow the collection of anonymous statistical data.
3. The following basic types of Cookies are used on the Website:

   1) necessary – essential for the proper functioning of the Website (e.g. login, shopping cart, language settings); these do not require consent,
   2) functional – remember your settings and preferences, e.g. website language,
   3) analytical – help understand how you use the Website and improve its functionality; require your consent,
   4) marketing/advertising – allow tailoring advertisements and offers to your interests; require your consent,
   5) performance – enable analysis of key performance indicators of the Website,
   6) other – cookies that do not fall within the above categories, e.g. those related to social media.

4. The use of Cookies other than necessary requires your consent. You may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.
5. Some Cookies originate from me, while others come from third parties (e.g. Google Analytics, Facebook, LinkedIn), which apply their own data protection rules. Information collected by these tools is mostly anonymous; however, where it can be linked to an individual, processing is based on your consent.D
6. uring your first visit to the Website, a message informing about the use of Cookies is displayed. You may then consent to specific types of Cookies or use only the necessary Cookies.
7. You can manage Cookies through your web browser settings. You may block, delete, or set notifications for each Cookie. However, please note that restricting or disabling certain Cookies may affect the functioning of the Website or make some features unavailable.
8. Cookie preferences are stored locally on your device. When using a different device or browser, it may be necessary to set your preferences again.
9. You may additionally manage your privacy through appropriate browser settings, using private browsing mode (incognito), installing browser extensions for Cookie management, or using tools provided by internet service providers. In particular, you may use solutions provided by analytics and advertising providers, such as ad settings or mechanisms allowing you to opt out of data analysis (e.g. Google Analytics Opt-out).

XIII. OTHER TECHNOLOGIES, TOOLS AND FUNCTIONALITIES

The Website uses various tools and functionalities supporting its operation, traffic analysis, communication with Users, and integration with social media and marketing tools:

1) Contact form

The Website provides a contact form enabling you to contact the Controller. Use of the contact form is voluntary.

In order to submit an inquiry, it is necessary to provide personal data required to establish contact and respond. Providing data marked as mandatory is necessary to process the inquiry, and failure to provide such data will make it impossible to send the message.

The scope of such data includes in particular: first name and last name, and e-mail address.

The User may also voluntarily provide other data if they consider it helpful for handling the inquiry. In connection with the use of the contact form, technical data such as IP address or information about the web browser may also be collected, which are used to ensure the security of the Website and protection against spam.

2) Order form (online store)

When placing an order in the online store, it is necessary to provide data required to fulfil the order and conclude the contract.

The scope of such data includes in particular: first name and last name, company name (if applicable), Tax Identification Number (NIP), residential or business address, delivery address, and e-mail address.

These data are processed for the purpose of fulfilling the order, performing the contract, as well as for compliance with legal obligations, including tax and accounting settlements, and for potential establishment, exercise, or defense of claims, including complaints.

3) Reviews

I provide the possibility to leave a review. Use of this functionality is voluntary.

In order to publish a review, the User may be asked to provide, within the form, such data as first name, name, e-mail address, website name (optional), and the content of the review.

4) Newsletter

A User may subscribe to the Newsletter in order to receive information about new content, services, or products.

For this purpose, personal data in the form of first name and e-mail address are processed. Providing these data is voluntary; however, it is necessary in order to subscribe to the Newsletter. Subscription to the Newsletter requires confirmation of the e-mail address.

Subscription to the Newsletter constitutes consent to receive marketing and commercial information by electronic means within the meaning of the Act on the Provision of Electronic Services, as well as to the use of telecommunications terminal equipment for the purpose of direct marketing.

The granting of consent is voluntary, however it is necessary to receive the Newsletter. You may withdraw your consent at any time, which will result in the cessation of sending messages.

The mailing system may record activity related to sent messages, in particular information about their opening, clicks on links, and unsubscribe requests.

For sending the Newsletter and managing the subscriber list, I use the services of an external provider – MailerLite Limited, Ground Floor, 71 Lower Baggot Street, Dublin 2, D02 P593, Ireland, which may process personal data for the purpose of Newsletter administration and analysis of the effectiveness of sent messages. Cookies and similar tracking technologies may be used within these services.

5) Social media

The Controller maintains social media profiles, in particular on Instagram, Facebook, Pinterest, TikTok, YouTube, and LinkedIn.

Personal data published by users on these platforms may be processed for the purposes of managing and administering the profiles, communicating with users, responding to inquiries, conducting informational and marketing activities, as well as for statistical and analytical purposes.

The legal basis for processing is the Controller’s legitimate interest, consisting in maintaining communication and building a community around the Controller’s activities.

The Controller processes only data that users have made publicly available on their profiles or voluntarily provided through interactions, such as first name, last name, comment content, and profile picture. The detailed rules governing the processing of personal data by the operators of social media platforms are set out in their terms and privacy policies.

6) Social media plugins

Plugins enabling redirection to social media profiles (Facebook, Instagram, YouTube, Pinterest, TikTok, LinkedIn) or sharing content on these services (“Share”) may be used on the Website. The plugins are marked with the logo of the respective social media platform.

Personal data are transmitted only after you actively click the relevant button. Upon clicking, your browser establishes a direct connection with the servers of the social media platform operator, and you may be redirected to the website of an external provider. The use of these features may involve the use of Cookies.

From that moment on, user data may be processed by the operator of the respective platform in accordance with its rules, and the platform owner becomes a joint controller of personal data processing. The Controller has no influence over the scope or manner of data processing by these providers. Data may be transmitted regardless of whether you have an account on the given social media service or whether you are currently logged in. However, if you are logged into the platform at the time of using the plugin, the collected information may be directly linked to your profile on that service.

7) ManyChat

The Controller uses the ManyChat tool – a chatbot solution provided by MANYCHAT, INC., 535 Mission St, San Francisco, CA 94105, USA, which enables automated communication with Users within social media platforms. This tool may be used to provide automated responses to messages, deliver information, and conduct marketing activities.

Automations created in ManyChat are not used to make fully automated decisions about you. As the Controller, I am able to supervise and modify the operation of automations at any stage of their functioning.

The scope of such data includes in particular: first name and last name, e-mail address, IP address, publicly available data from the User’s social media profiles, content of correspondence and comments, and information contained in Cookies.

Personal data are processed for communication purposes on the basis of Article 6(1)(a) GDPR, i.e. your consent to the processing of personal data using automated systems for marketing purposes. You may withdraw your consent to the processing of data by ManyChat at any time by contacting the Controller or directly ManyChat Inc.

ManyChat processes Users’ data on behalf of the Controller on the basis of a data processing agreement concluded between the parties.

8) Analytics and marketing tools

The Controller uses analytics and marketing tools that enable the analysis of how the Website is used and the assessment of the effectiveness of marketing activities, in particular:

a) Google Analytics – an analytics tool enabling the creation of statistics regarding Website usage, such as visited subpages, time spent on the Website, or traffic sources,

b) Meta Pixel – a tool enabling the analysis of the effectiveness of marketing and advertising activities and targeting advertisements to appropriate audience groups. The data collected is anonymous,

c) Google Search Console – a tool enabling the analysis of the Website’s visibility in Google search results and optimisation of its performance.

The Controller may also use statistical features available within social media platforms such as Instagram, Facebook, YouTube, Pinterest, TikTok, or LinkedIn.

These tools use Cookies, and the processed data are anonymous and used solely for analytical and marketing purposes.

9) Security tools

The Website uses security tools designed to protect against spam, automated content generation, and other threats. These tools may process personal data such as IP address or browser information, including:

a) reCAPTCHA – a service provided by Google LLC used to distinguish users from bots. When using reCAPTCHA, personal data such as IP address may be processed.

b) CleanTalk – an anti-spam plugin used to verify the authenticity of comments and e-mail addresses. When used, it may record IP addresses and other data necessary to protect the Website against spam.

c) Solid WP – a WordPress plugin used to secure websites against hacker attacks.

Data processed by the above tools are used solely for the purpose of ensuring the security of the Website and protecting it against automated content submission.

XIV. WITHDRAWAL OF CONSENT TO DATA PROCESSING

Where the processing of your data is based on consent, you may withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to its withdrawal.

To withdraw your consent, please send an e-mail to the Controller’s address: kinga@prismaatelier.com or contact@kingamiskiewicz.com or, in the case of the Newsletter, use the “unsubscribe” link included in the received message.

XV. SERVER LOGS

1. Use of the Website involves sending requests to the server on which the Website is hosted.
2. Each request made to the server is recorded in server logs.
3. The logs include, among others, the User’s IP address, server date and time, information about the web browser and operating system used by the User.
4. Data recorded in server logs are not associated with specific individuals using the Website and are not used for the purpose of identifying Users.
5. The logs are stored and kept on the server.
6. Server logs are used solely as an auxiliary tool for administering the Website, and their content is not disclosed to anyone except persons authorised to administer the server.

XVI. CHANGES TO THE PRIVACY POLICY

1. This Privacy Policy may be updated in the event of changes to applicable law or changes in the manner of data processing.
2. The Controller will inform Users of any material changes via the Website or, where necessary, by e-mail.
3. Each version of the Privacy Policy will be marked with its effective date.

This document enters into force on: 21.04.2026