The following information constitutes a concise, clear, and transparent summary of the information provided in the Privacy Policy regarding the Data Controller, the purpose and method of processing personal data, and your rights related to such processing, presented in a form required to fulfill the information obligation under GDPR. Details regarding the processing methods and entities involved in this process are available in the aforementioned policy.

Who is the Data Controller?

The Data Controller of Personal Data (hereinafter referred to as the Controller) is “WEBYJUICE SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ,” a company operating at the address: Cyfrowa 6, 71-441 Szczecin, Poland, with the assigned tax identification number (NIP): 7011218798, National Court Register (KRS): 0001122318, and REGON: 529416946, providing services electronically through the Website.

How can you contact the Data Controller?

The Controller can be contacted in one of the following ways:

• Postal address – WEBYJUICE SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, Cyfrowa 6, 71-441 Szczecin, Poland
• Email address – hello@webyjuice.pl
• Phone number – +48 459 569 361
• Contact form – available at: /kontakt, /Brief

Has the Controller appointed a Data Protection Officer?

Pursuant to Article 37 of the GDPR, the Controller has not appointed a Data Protection Officer. For matters related to data processing, including personal data, please contact the Controller directly.

Where do we obtain personal data from, and what are their sources?

Personal data is obtained from the following sources:

• From the individuals to whom the data pertains
• In the case of registration via social media platforms, with the explicit consent of those individuals, from those social media platforms

What is the scope of personal data processed by us?

The Website processes ordinary personal data, voluntarily provided by the individuals to whom the data pertains. (E.g., first and last name, login, email address, phone number, IP address, etc.) The detailed scope of processed data is available in the Privacy Policy.

What are the purposes of processing your data?

Personal data voluntarily provided by Users is processed for one of the following purposes:

• Provision of electronic services:
  • User account registration and maintenance services on the Website, along with related functionalities
  • Newsletter services (including sending promotional content with consent)
  • Services for commenting on or liking posts on the Website without the need for registration
• Communication between the Controller and Users regarding matters related to the Website and data protection
• Ensuring the legitimate interests of the Controller

What are the legal bases for processing data?

The Website collects and processes Users’ data based on:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation):
  • Article 6(1)(a) The data subject has given consent to the processing of their personal data for one or more specific purposes
  • Article 6(1)(b) Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract
  • Article 6(1)(f) Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party
• The Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws 2018, item 1000)
• The Telecommunications Law Act of 16 July 2004 (Journal of Laws 2004, No. 171, item 1800)
• The Act of 4 February 1994 on Copyright and Related Rights (Journal of Laws 1994, No. 24, item 83)

What is the legitimate interest pursued by the Controller?

• For the purpose of establishing, pursuing, or defending against claims – the legal basis for processing is our legitimate interest (Article 6(1)(f) GDPR), which consists of protecting our rights, including, among others;
• For the purpose of assessing the risk of potential clients
• For the purpose of evaluating planned marketing campaigns
• For the purpose of conducting direct marketing

How long do we process personal data?

As a general rule, the specified personal data is stored only for the duration of the provision of services within the Website operated by the Controller. It is deleted or anonymized within a period of up to 30 days from the termination of the service provision (e.g., deletion of a registered user account, unsubscribing from the Newsletter, etc.). In exceptional circumstances, to safeguard the legitimate interests pursued by the Controller, this period may be extended. In such cases, the Controller will retain the specified data, from the time of the User’s request for its deletion, for no longer than 3 years in the event of a breach or suspected breach of the Website’s terms by the individual to whom the data pertains.

Who is the recipient of the data, including personal data?

As a general rule, the sole recipient of the data is the Controller. However, data processing may be entrusted to other entities performing services for the Controller to maintain the Website’s operations. Such entities may include, among others:

• Hosting companies providing hosting or related services for the Controller
• Companies through which the Newsletter service is provided
• Companies facilitating online payments for goods or services offered within the Website (in the case of purchase transactions on the Website)

Will your personal data be transferred outside the European Union?

Personal data will not be transferred outside the European Union, unless it has been made public as a result of an individual action by the User (e.g., entering a comment or post), which will make the data accessible to anyone visiting the Website.

Will personal data be used for automated decision-making?

Personal data will not be used for automated decision-making (profiling).

What rights do you have regarding the processing of personal data?

• Right of access to personal data Users have the right to obtain access to their personal data, exercised upon a request submitted to the Controller.
• Right to rectification of personal data Users have the right to request that the Controller promptly rectify inaccurate personal data or complete incomplete personal data, exercised upon a request submitted to the Controller.
• Right to erasure of personal data Users have the right to request that the Controller promptly erase their personal data, exercised upon a request submitted to the Controller. In the case of user accounts, data erasure involves anonymizing data that enables User identification.In the case of the Newsletter service, the User may independently erase their personal data using the link provided in each email sent.
• Right to restriction of processing of personal data Users have the right to restrict the processing of their personal data in cases specified in Article 18 of the GDPR, e.g., when questioning the accuracy of the personal data, exercised upon a request submitted to the Controller.
• Right to data portability Users have the right to obtain their personal data from the Controller in a structured, commonly used, and machine-readable format, exercised upon a request submitted to the Controller.
• Right to object to the processing of personal data Users have the right to object to the processing of their personal data in cases specified in Article 21 of the GDPR, exercised upon a request submitted to the Controller.
• Right to lodge a complaint Users have the right to lodge a complaint with a supervisory authority responsible for personal data protection.