PRIVACY POLICY


This Privacy Policy (hereinafter: "Policy") contains information on the processing of your personal data in connection with the use of the "Spells & Tools" (hereinafter: "Application").


Any capitalized terms not otherwise defined in the Policy shall have the meaning given to them in the Terms and Conditions, available at: golski.dev/spellsandtools/terms-of-use


Personal data Controller


The administrator of your personal data is Andrzej Gólski (contact address: SKR. NR 389 60-959 Poznań 2) (hereinafter: "Administrator").


Contact with the Administrator


In all matters related to the processing of personal data, you can contact the Controller via:

  1. e-mail - at: contact@golski.dev;

  2. traditional post – at the following address: Andrzej Gólski SKR. NR 389 60-959 Poznań 2;


Personal data protection measures


The Controller applies modern organisational and technical safeguards to ensure the best possible protection of your personal data and guarantees that it processes them in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: "GDPR"), the Act of 10 May 2018 on the Protection of Personal Data and Other Personal Data Protection Regulations.


Information on the personal data processed


The use of the Application requires the processing of your personal data. Below you will find detailed information about the purposes and legal grounds of processing, as well as the period of processing and the obligation or voluntariness to provide them.

Purpose of processing

Personal data processed

Legal basis

Conclusion and performance of the Account Service Agreement

  1. E-mail address

  2. Device identificators

Article 6(1)(b) of the GDPR


(processing is necessary for the performance of the Account Service Agreement concluded with the data subject or to take steps to conclude it)

Providing the above-mentioned personal data is a condition for concluding and performing the agreement for the provision of the Account Service (their provision is voluntary, but the consequence of failure to provide them will be the inability to conclude and perform the above-mentioned agreement, including the creation of the Account).


The Controller will process the above-mentioned personal data until the statute of limitations for claims under the Account Service Agreement expires.



Purpose of processing

Personal data processed

Legal basis

Conducting a complaint procedure

  1. name and surname

  2. E-mail address

Article 6(1)(c) of the GDPR


(processing is necessary for compliance with a legal obligation to which the Controller is subject, in this case the following obligations:

  • responding to a complaint – Article 7a of the Consumer Rights Act;

  • exercising the Customer's rights resulting from the provisions on the Controller's liability in the event of non-compliance of the Physical Goods with the Sales Contract or the Object of Digital Supply with the Contract applicable to it)

Providing the above-mentioned personal data is a condition for receiving a response to the complaint or exercising the Service Recipient's rights resulting from the provisions on the Controller's liability in the event of non-compliance of the Subject of Digital Service with the Agreement applicable to him (their provision is voluntary, but the consequence of failure to provide them will be the inability to receive a response to the complaint and the exercise of the above-mentioned rights).


The Controller will process the above-mentioned personal data for the duration of the complaint procedure, and in the case of exercising the above-mentioned rights of the Client – until their limitation expires.







Purpose of processing

Personal data processed

Legal basis

Conducting a verification procedure and considering appeals against decisions on dealing with unacceptable content

  1. name and surname/business name,

  2. contact details, including e-mail address

Article 6(1)(c) of the GDPR


(processing is necessary for compliance with a legal obligation to which the Controller is subject, in this case the following obligations:

  • provide a mechanism for reporting inappropriate content (Article 16 of Regulation 2022/2065 on the single market for digital services and amending Directive 2000/31/EC (Digital Services Act)(hereinafter: "DSA"),

(Article 20 of the DSA).

Providing the above-mentioned personal data is a condition for receiving a response to the report or exercising the User's rights under the provisions of the DSA (their provision is voluntary, but the consequence of failure to provide them will be the inability to receive a response to the report and the exercise of the above-mentioned rights).


The Controller will process the above-mentioned personal data for the duration of the complaint procedure, and in the case of exercising the above-mentioned rights of the User – until their limitation expires.



Purpose of processing

Personal data processed

Legal basis

Handling queries submitted by Users

  1. name

  2. E-mail address

  1. other data contained in the message to the Controller

Article 6(1)(f) of the GDPR


(processing is necessary for the purpose of pursuing the legitimate interest of the Controller, in this case responding to the inquiry received)

Providing the above-mentioned personal data is voluntary, but necessary in order to receive a response to the inquiry (the consequence of failure to provide them will be the inability to receive an answer).


The Controller will process the above-mentioned personal data until an effective objection is raised or the purpose of processing is achieved (whichever occurs first).



Purpose of processing

Personal data processed

Legal basis

Share Product Reviews

  1. name

  2. optionally – other data included in the Opinion

Article 6(1)(f) of the GDPR


(processing is necessary for the purpose of the legitimate interest of the Controller, in this case making the Opinion available for information and promotional purposes)

Providing the above-mentioned personal data is voluntary, but necessary in order to add an Opinion (the consequence of not providing them will be the inability to add an Opinion).


The Controller will process the above-mentioned personal data until an effective objection is raised or the purpose of processing is achieved (whichever occurs first).






Purpose of processing

Personal data processed

Legal basis

Compliance with obligations related to the protection of personal data

  1. name and surname

  2. contact details provided by you (e-mail address; correspondence address; telephone number)

Article 6(1)(c) of the GDPR


(processing is necessary to comply with a legal obligation to which the Controller is subject, in this case the obligations resulting from the provisions on the protection of personal data)

Providing the above-mentioned personal data is voluntary, but necessary for the proper performance by the Controller of the obligations resulting from the provisions on the protection of personal data, m.in. the exercise of the rights granted to you by the GDPR (the consequence of failure to provide the above-mentioned data will be the inability to properly exercise the above-mentioned rights).


The Controller will process the above-mentioned personal data until the expiry of the limitation periods for claims for violation of personal data protection regulations.





Purpose of processing

Personal data processed

Legal basis

Establishing, exercising or defending against legal claims

  1. Name and surname/company

  2. E-mail address

  3. address of residence/registered office

  4. PESEL number

  5. TIN

Article 6(1)(f) of the GDPR


(processing is necessary for the purpose of pursuing the legitimate interest of the Controller, in this case establishing, investigating or defending against claims that may arise in connection with the performance of the Agreements concluded with the Controller)

Providing the above-mentioned personal data is voluntary, but necessary in order to establish, pursue or defend against claims that may arise in connection with the performance of the Agreements concluded with the Controller (the consequence of failure to provide the above-mentioned data will be the inability of the Controller to take the above-mentioned actions)


The Controller will process the above-mentioned personal data until the expiry of the limitation periods for claims that may arise in connection with the performance of the Agreements concluded with the Controller.





Purpose of processing

Personal data processed

Legal basis

Analysis of your activity in the App

  1. Date and time of the visit

  2. IP number of the device

  3. device operating system type

  4. approximate location

  5. type of web browser

  6. time spent in the App

  7. visited subpages and other actions taken within the Application

Article 6(1)(f) of the GDPR


(processing is necessary for the purpose of the legitimate interest of the Controller, in this case obtaining information about your activity in the Application)

Providing the above-mentioned personal data is voluntary, but necessary in order for the Controller to obtain information about your activity in the Application (the consequence of failure to provide them will be the Controller's inability to obtain the above-mentioned information).


The Controller will process the above-mentioned personal data until an effective objection is raised or the purpose of the processing is achieved.





Purpose of processing

Personal data processed

Legal basis

Application administration

  1. IP address

  2. server date and time

  3. Operating System Information


The above data are saved automatically in the so-called server logs, each time the Application is used (it would not be possible to administer it without the use of server logs and automatic saving).

Article 6(1)(f) of the GDPR


(processing is necessary for the purpose of pursuing the legitimate interest of the Controller, in this case ensuring the proper operation of the Application)

Providing the above-mentioned personal data is voluntary, but necessary to ensure the proper operation of the Application (the consequence of failure to provide them will be the inability to ensure the proper operation of the Application).


The Controller will process the above-mentioned personal data until an effective objection is raised or the purpose of the processing is achieved.


Profiling


In order to create your profile for marketing purposes and direct marketing tailored to your preferences, the Controller will process your personal data in an automated manner, including profiling them – however, this will not have any legal effects on you or significantly affect your situation in a similar way.


The scope of profiled personal data corresponds to the scope indicated above in relation to the analysis of your activity in the Application and the data that you save on the Account.


The legal basis for the processing of personal data for the above purpose is Article 6(1)(f) of the GDPR, according to which the Controller may process personal data in order to pursue its legitimate interest, in this case to conduct marketing activities tailored to the preferences of recipients. Providing the above-mentioned personal data is voluntary, but necessary to achieve the above-mentioned purpose (the consequence of not providing them will be the Controller's inability to conduct marketing activities tailored to the preferences of recipients).


The Controller will process personal data for the purpose of profiling them until an effective objection is raised or the purpose of processing is achieved.


Recipients of personal data


The recipients of personal data will be the following external entities cooperating with the Controller:


  1. hosting company

  2. newsletter service provider;

  3. companies providing tools for analyzing activity in the Application and directing direct marketing to its users (ex. Google Analytics);


In addition, personal data may also be transferred to public or private entities, if such an obligation results from generally applicable law, a final court judgment or a final administrative decision.


Transfer of personal data to a third country


In connection with the Controller's use of the services provided by Google LLC, your personal data may be transferred to the following third countries: Great Britain, Canada, USA, Chile, Brazil, Israel, Saudi Arabia, Qatar, India, China, South Korea, Japan, Singapore, Taiwan (Republic of China), Indonesia and Australia. The basis for the transfer of data to the above-mentioned third countries are:



You can obtain from the Controller a copy of the data transferred to a third country.


Permissions


In connection with the processing of personal data, you have the following rights:


  1. the right to be informed what personal data concerning you is processed by the Controller and to receive a copy of this data (the so-called right of access). Issuing the first copy of the data is free of charge, for subsequent copies the Controller may charge a fee;

  2. if the processed data becomes outdated or incomplete (or otherwise incorrect), you have the right to request its rectification;

  3. in certain situations, you can ask the Controller to delete your personal data, e.g. when:

    1. the data will no longer be needed by the Controller for the purposes of which it has informed;

    2. you have effectively withdrawn your consent to the processing of data - unless the Controller has the right to process the data on another legal basis;

    3. the processing is unlawful;

    4. the need to delete the data results from a legal obligation to which the Controller is subject;

  4. if personal data is processed by the Controller on the basis of the consent granted to the processing or in order to perform the Agreement concluded with him, you have the right to transfer your data to another Controller;

  5. if personal data is processed by the Controller on the basis of your consent to the processing, you have the right to withdraw this consent at any time (the withdrawal of consent does not affect the lawfulness of the processing that was carried out on the basis of consent before its withdrawal);

  6. if you believe that the processed personal data are incorrect, their processing is unlawful, or the Controller no longer needs certain data, you can request that for a specified period of time (e.g. checking the correctness of the data or pursuing claims) the Controller does not perform any operations on the data, but only stores them;

  7. you have the right to object to the processing of personal data based on the legitimate interest of the Controller. In the event of an effective objection, the Controller will cease to process personal data for the above-mentioned purpose;

  8. you have the right to lodge a complaint with the President of the Office for Personal Data Protection if you believe that the processing of personal data violates the provisions of the GDPR.


Final provisions


To the extent not regulated by the Policy, the generally applicable provisions on the protection of personal data shall apply.


The policy is effective from 29.10.2025 r.