This document (“Privacy Policy”) sets out the rules for the processing and protection of Clients’ personal data, as well as the rules for storing and accessing information on the Client’s devices through the use of cookies.

1. DEFINITIONS

1. ADMINISTRATOR – means Bright Kiddo, with its registered office in Kraków, entered into the Register of Entrepreneurs of the National Court Register under number KRS 0000741501, REGON 380823164, NIP 6762552534, with share capital of PLN 5,000, which processes Clients’ personal data, provides electronic services, and stores and gains access to information on the Client’s Devices.
2. Cookies – means IT data, in particular small text files, stored and saved on Devices through which the Client uses the Website.
3. Website – means the Administrator’s website, available at: www.brightkiddo.pl
4. Device – means an electronic device through which the Client accesses the Website.
5. Client – means any person using the Website or contacting the Administrator in any other way.
6. RODO – means the General Data Protection Regulation of the European Union 2016/679 of 27 April 2016.

2. PERSONAL DATA PROTECTION

1. This Privacy Policy applies when you use the services of the Administrator, meaning when you use the Website, make use of the functionalities provided by the Administrator on the Website, contact the Administrator (for example, via email, messaging applications, or the form available on the Website), receive email or SMS messages from the Administrator, or contact the Administrator by telephone. 
2. Depending on the services you use, the Administrator processes the following personal data: email address, first and last name, address, telephone number, message content, and any other data provided by the Client.
3. The Administrator uses personal data to provide Clients with the Administrator’s services, to conclude and perform contracts, and to receive and send email correspondence in connection with the performance of a contract or prior to its conclusion. The legal basis for processing is the necessity of processing for the performance of a contract or to take steps at the request of the data subject before concluding a contract (Article 6(1)(b) RODO). In certain cases, the legal basis may also be a specific legal provision allowing the Administrator to process data in order to fulfil a legal obligation – for example, accounting and tax regulations (Article 6(1)(c) RODO).
4. The Administrator uses personal data to communicate with Clients, for example via email, as well as by responding to social media posts addressed to the Administrator, in order to better perform services, provide updates, and offer explanations and information. The legal basis for processing is the Administrator’s legitimate interest (Article 6(1)(f) RODO).
5. The Administrator requires the Client to provide those personal data that are necessary for the performance of the contract or for responding to a message. If the Client does not provide this information, the Administrator will be unable to deliver the services or provide a response. Where required by law, for example tax regulations, the Administrator may also require the provision of other necessary data. In all other cases, the provision of personal data by the Client is voluntary.
6. The Administrator entrusts personal data for processing to service providers who perform specific tasks and functions on behalf of the Administrator. The Administrator discloses data to service providers for the purposes of supporting the website, providing data storage services, and delivering accounting and legal services to the Administrator. The Administrator provides the above-mentioned service providers only with such data as are necessary for the proper performance of services for or on behalf of the Administrator. In the case of data transfers, the Administrator ensures that the service provider processes the data in compliance with security requirements and does not use the data for purposes other than the provision of services to the Administrator.
7. The Administrator does not disclose personal data to entities other than the service providers described in the paragraph above, except in cases where this is required by law or by a decision of public authorities, as well as when it is necessary to establish, exercise, or defend the Administrator’s legal claims.
8. The Administrator does not transfer personal data outside the territory of the European Union.
9. The Administrator processes Clients’ personal data only for as long as is necessary for the proper performance of contracts with Clients, i.e., for the provision of services, the pursuit of claims in connection with the performance of a contract, and for the period resulting from obligations imposed on the Administrator by law (e.g., for the fulfilment of tax and accounting obligations, in accordance with applicable regulations, for a period of 5 years), and only to the extent necessary.
10. The Administrator ensures the application of appropriate technical and organizational measures to safeguard personal data, in order to provide an adequate level of security for the data being processed.
11. Clients have the right to access their personal data, including the right to request information about their data or to obtain a copy of such data processed by the Administrator.
12. Clients have the right to rectify their personal data if such data are incomplete, outdated, or inaccurate.
13. Clients have the right to object to the processing of their personal data by the Administrator. The Client may object to the processing of their data for the purposes of direct marketing (“marketing objection”). The Client also has the right to object to the processing of their data based on the Administrator’s legitimate interest for purposes other than direct marketing, as well as when the processing is necessary for the Administrator to perform a task carried out in the public interest. In such a case, the Client must indicate the particular situation that justifies the cessation of processing by the Administrator. The Administrator will cease processing the Client’s data for these purposes unless it demonstrates that the grounds for processing by the Administrator override the Client’s rights or that the data are necessary for the establishment, exercise, or defence of legal claims.
14. Clients have the right to request the restriction of the processing of their personal data by the Administrator.
15. Clients have the right to request the deletion of their personal data.
16. Clients have the right to request the transfer of their personal data to themselves or to a designated third part.
17. Clients have the right to lodge a complaint with the personal data protection supervisory authority:
    President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland, website: http://www.uodo.gov.pl/
18. The Administrator does not carry out profiling of data. The Administrator does not collect any information automatically, except for information contained in cookies, if the Client has given consent to their use.

3. COOKIES POLICY

1. The Administrator does not collect any information automatically, except for information contained in cookies, if the Client has given consent to their use.
2. Data collected through the use of cookies may be gathered by the Administrator solely for the purpose of providing specific functionalities to the Client. 
3. The cookies used by the Administrator are safe for Clients’ Devices. In particular, it is not possible for viruses or other unwanted or malicious software to enter Clients’ Devices via this method. Cookies make it possible to identify the software used by the Client and to tailor the Website to the individual needs of each Client. Cookies typically contain the name of the domain from which they originate, the time they are stored on Devices, and an assigned value.
4. The Administrator collects information through cookies stored on Clients’ Devices.
5. Cookies are IT data, in particular text files, which are stored on the Client’s end device and are intended for use with the Website. Cookies typically contain the name of the website from which they originate, the duration of their storage on the Device, and a unique number. Cookies make it possible to identify the software used by the Client and to tailor the Website to the individual needs of each Client.
6. The Administrator collects information through cookies for the following purposes:

1. to tailor the services provided through the Website to the needs of Clients and to optimise the use of the Website;
2. to compile general and anonymous statistics on Clients’ use of the Website through analytical tools, which help to understand how Users interact with the Website, thereby enabling improvements to its structure and content.
3. The Administrator collects information through the following categories of cookies:

1. temporary files, which usually remain on the Client’s Device until the internet browser is closed. Once the browser is closed, these files are deleted. Such cookies are used by the Administrator, among other purposes, to remember the Client’s data.
2. persistent files, which remain on the Client’s Device for a specified period or until they are deleted by the Client. These files are not deleted when the browser is closed.

8. Using the Website without changing the browser settings regarding cookies means that they will be placed on the Client’s Device.
9. The Client may change the cookie settings at any time. The Client may block or limit the placement of cookies on their Device by adjusting the settings of their internet browser. Detailed information on changing cookie settings is available in the settings of the internet browser used by the Client.
10. Disabling or limiting the option to store cookies in the internet browser does not prevent Clients from using the Website, but it may affect certain functionalities available on the Website.
11. The above information will be processed for technical purposes related to ensuring the proper functioning of the Website and for statistical purposes. The legal basis for data processing is the Administrator’s legitimate interest (Article 6(1)(f) RODO).