logo
PRIVACY POLICY OF THE APPLICATION Studio Face

This Privacy Policy (hereinafter referred to as the "Policy") provides information about the processing of your personal data in connection with the use of the "Studio Face" application (hereinafter referred to as the "Application").

All terms written with a capital letter that are not otherwise defined in this Policy have the meanings assigned to them in the Terms of Use of the application, available at: Terms of Use

Personal Data Controller

The controller of your personal data is WILK, a z ograniczoną odpowiedzialnością company with its registered office in Piwniczna Zdrój (address: ul. Partyzantów 6, 33-350 Piwniczna-Zdrój), entered into the Register of Entrepreneurs of the National Court Register maintained by the District Court in dla Krakowa Śródmieścia w Krakowie, XII Commercial Division of the National Court Register under KRS number: 0001036738, holding NIP: 7343625418, REGON number: 525365873, with share capital of 5000 PLN (hereinafter referred to as the "Controller").
The controller of your personal data is :company_details.jdg.name, conducting business under the name :company_details.jdg.name (permanent business address: :company_details.jdg.address), entered into the Central Register and Information on Economic Activity maintained by the Minister of Economy, holding NIP: :company_details.jdg.nip, REGON number: :company_details.jdg.regon (hereinafter referred to as the "Controller").

Contacting the Controller

For all matters related to the processing of personal data, you can contact the Controller via email at: [email protected].

Personal Data Protection Measures

The Controller employs modern organizational and technical safeguards to ensure the best possible protection of your personal data and guarantees compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, "GDPR"), the Polish Personal Data Protection Act of 10 May 2018, and other applicable laws on personal data protection.

Information About Processed Personal Data

Using the Application requires the processing of your personal data. Below, you will find detailed information about the purposes and legal bases for processing, as well as the retention period and whether providing the data is mandatory or optional.

Purpose of Processing Processed Personal Data Legal Basis
Conclusion and performance of the Agreement
  1. First and last name
  2. Phone number
  3. Email address
  4. Other data provided by the User
 Article 6(1)(b) GDPR (processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract)
Providing the above-mentioned personal data is a condition for concluding and performing the Agreement. While providing the data is voluntary, failure to do so will prevent the conclusion and performance of the Agreement. The Controller will process the above data until the expiration of claims arising from the Agreement.

Purpose of Processing Processed Personal Data Legal Basis
Compliance with obligations related to data protection
  1. First name
  2. Last name
  3. Contact details provided by you (email address; mailing address; phone number)
Article 6(1)(c) GDPR (processing is necessary for compliance with a legal obligation to which the Controller is subject, in this case, obligations arising from data protection regulations)
Providing the above-mentioned personal data is voluntary but necessary to properly fulfill the Controller's obligations under data protection regulations, including the exercise of rights granted to you under GDPR (failure to provide the data will prevent the proper exercise of these rights). The Controller will process the above-mentioned personal data until the expiration of claims related to violations of data protection regulations.

Purpose of Processing Processed Personal Data Legal Basis
Establishing, pursuing, or defending against claims
  1. First and last name
  2. Company
  3. Email address
  4. Residential/business address
  5. PESEL number
  6. Tax Identification Number (NIP)
 Article 6(1)(f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the Controller, in this case, establishing, pursuing, or defending against claims that may arise in connection with the performance of agreements entered into with the Controller)
Providing the above-mentioned personal data is voluntary but necessary to establish, pursue, or defend against claims that may arise in connection with the performance of agreements entered into with the Controller (failure to provide this data will prevent the Controller from undertaking such actions). The Controller will process the above-mentioned personal data until the expiration of the limitation periods for claims that may arise in connection with the performance of agreements entered into with the Controller.

Purpose of Processing Processed Personal Data Legal Basis
Application Administration
  1. IP address;
  2. Server date and time;
  3. Information about the operating system.
These data are automatically recorded in so-called server logs every time the Application is used (administration of the Application would not be possible without the use of server logs and automatic recording). 		Article 6(1)(f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the Controller, in this case, ensuring the proper functioning of the Application)
Providing the above-mentioned personal data is voluntary but necessary to ensure the proper functioning of the Application (failure to provide this data will make it impossible to ensure the proper operation of the Application). The Controller will process the above-mentioned personal data until an effective objection is submitted or the processing purpose is achieved.

Profiling

Your personal data will not be used by the Controller to make automated decisions, including profiling.

Recipients of Personal Data

Recipients of personal data may include the following external entities cooperating with the Controller:
  • Hosting company;
  • Accounting office;
Additionally, personal data may also be disclosed to public or private entities if such an obligation arises from generally applicable laws, a final court judgment, or a final administrative decision.

Transfer of Personal Data to Third Countries

In connection with the Controller's use of services provided by providers outside the European Union, your personal data may be transferred to the following third countries: United Kingdom, Canada, USA, Chile, Brazil, Israel, Saudi Arabia, Qatar, India, China, South Korea, Japan, Singapore, Taiwan (Republic of China), Indonesia, and Australia. The basis for transferring data to the aforementioned third countries is as follows:
  • For the United Kingdom, Canada, Israel, Japan, and South Korea - decisions of the European Commission confirming an adequate level of personal data protection in each of the aforementioned third countries;
  • For the USA - the Implementing Decision of the Commission (EU) 2023/1795 of July 10, 2023, under Regulation (EU) 2016/679 of the European Parliament and of the Council, confirming an adequate level of data protection ensured under the EU-US Data Privacy Framework;
  • For Chile, Brazil, Saudi Arabia, Qatar, India, China, Singapore, Taiwan (Republic of China), Indonesia, and Australia - contractual clauses ensuring an adequate level of protection, consistent with the standard contractual clauses specified in the Commission Implementing Decision (EU) 2021/914 of June 4, 2021, on standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and of the Council.
You may obtain a copy of the data transferred to a third country from the Controller.

Rights

In connection with the processing of personal data, you have the following rights:
  1. The right to information about which personal data concerning you are being processed by the Controller and to obtain a copy of that data (the so-called right of access). The first copy of the data is free of charge, and the Controller may charge a fee for additional copies;
  2. If the processed data becomes outdated, incomplete, or otherwise incorrect, you have the right to request its rectification;
  3. In certain situations, you may request that the Controller delete your personal data, e.g., when:
    • The data is no longer needed by the Controller for the purposes for which it was collected;
    • You have effectively withdrawn your consent for data processing, provided that the Controller has no other legal basis for processing the data;
    • The processing is unlawful;
    • The deletion of data is required by a legal obligation imposed on the Controller.
  4. If your personal data is processed by the Controller based on consent or to perform a contract with the Controller, you have the right to transfer your data to another controller;
  5. If your personal data is processed by the Controller based on your consent, you have the right to withdraw that consent at any time (the withdrawal of consent does not affect the legality of processing carried out based on consent before its withdrawal);
  6. If you believe that the personal data being processed is incorrect, its processing is unlawful, or the Controller no longer needs specific data, you may request that the Controller refrains from performing any operations on the data for a specified period (e.g., to verify the data's accuracy or pursue claims) and only stores it;
  7. You have the right to object to the processing of personal data, where the basis for processing is the Controller's legitimate interest. If the objection is effective, the Controller will cease processing the personal data for this purpose;
  8. You have the right to lodge a complaint with the President of the Personal Data Protection Office if you believe that the processing of personal data violates the provisions of GDPR.

Final Provisions

In matters not regulated by this Policy, the provisions of generally applicable data protection laws shall apply.

This Policy is effective from January 2, 2025.