General Information
- This policy applies to the website operating at the URL: www.hearts-touch.com
- The operator of the service and the Data Controller is: Nikodem Pietrzak, President of the “Podaruj Serduszko” Foundation, Czereśniowa Street 4, Modrzyca 67-106, Poland, KRS number: 0001097786, also known internationally as “Heart’s Touch”.
- The operator’s contact email address is: office@hearts-touch.com
- The operator is the Data Controller of your personal data with regard to the information voluntarily provided on the website.
The website uses personal data for the following purposes:
- Managing the newsletter
- Operating the comment system
- Running the online forum
- Managing classified ads
- Displaying user profiles to other users
- Showing user advertisements
- Handling inquiries through forms
- Presenting offers or information
- The website collects information about users and their behavior in the following ways:
- Through voluntarily provided data in forms, which is entered into the operator’s systems.
- By saving cookies (i.e., small files) on users’ devices.
Your personal data will be processed for the purpose of carrying out the foundation’s statutory tasks and sending you information about the foundation’s activities and thank-yous—based on Article 6(1)(e) of the General Data Protection Regulation (GDPR) of April 27, 2016.
Your personal data will be retained until you object.
The recipients of personal data will only be entities authorized to receive personal data based on legal regulations.
Your personal data is secured against unauthorized access by third parties.
Selected Data Protection Methods Used by the Operator
- The following data protection measures are implemented by the Operator:
- Secure Transmission: Login and personal data entry points are protected during transmission with SSL encryption. This ensures that personal data and login credentials entered on the site are encrypted on the user’s computer and can only be read on the target server.
- Password Hashing: User passwords are stored in a hashed form. The hashing function operates in a one-way manner, meaning it is not possible to reverse the process, which is the current standard for password storage.
- Two-Factor Authentication: Two-factor authentication is used as an additional layer of protection for logging into the service.
- Periodic Password Changes: The Operator regularly changes administrative passwords.
- Regular Backups: The Operator performs regular backups to protect data.
- Software Updates: Regular updates of all software used by the Operator for processing personal data are carried out, including updates to programming components.
Hosting
The service is hosted (technically maintained) on the operator’s servers: lh.pl
Your Rights and Additional Information on Data Usage
In certain situations, the Data Controller has the right to share your personal data with other recipients if necessary to fulfill the contract with you or to meet the Data Controller’s obligations. This includes the following groups of recipients:
- In certain situations, the Data Controller may share your personal data with the following recipients if it is necessary to fulfill the contract with you or to comply with the Data Controller’s obligations:
- Hosting Company: For data processing on a subcontracted basis.
- Couriers: For the delivery of physical items.
- Postal Operators: For the delivery of mail.
- Banks: For processing financial transactions.
- Payment Processors: For handling online payments.
- Comment System Operators: For managing and displaying comments.
- Authorized Employees and Collaborators: Who use the data to achieve the objectives of the website’s operation.
- Your personal data will be processed by the Data Controller only for as long as necessary to perform tasks related to it, as defined by separate regulations (e.g., accounting regulations). For marketing data, it will not be processed for more than 3 years.
- You have the right to request from the Data Controller:
- Access to your personal data.
- Correction of your personal data.
- Deletion of your personal data.
- Restriction of processing of your personal data.
- Data portability.
- You have the right to object to the processing mentioned in point 3.3 c) regarding the processing of personal data for the purposes of legitimate interests pursued by the Data Controller, including profiling. However, the right to object cannot be exercised if there are valid legally justified grounds for processing that outweigh your interests, rights, and freedoms, particularly for the establishment, exercise, or defense of claims.
- You may lodge a complaint against the actions of the Data Controller with the President of the Personal Data Protection Office, Stawki 2, 00-193 Warsaw.
- Providing personal data is voluntary but necessary for the operation of the service.
- Automated decision-making, including profiling, may be carried out in relation to you for the purpose of providing services under the contract and for direct marketing by the Data Controller.
- Personal data is not transferred to third countries as defined by data protection regulations, meaning that it is not sent outside the European Union.
Information in Forms
- The service collects information voluntarily provided by users, including personal data, if it is given.
- The service may record information about connection parameters, such as the time stamp and IP address.
- In some cases, the service may save information to help link data in the form with the email address of the user filling out the form. In such cases, the user’s email address appears within the URL of the page containing the form.
- The data provided in the form is processed for the purpose specified by the function of the particular form, such as handling a service request, business contact, or service registration. Each form’s context and description clearly inform the user of its intended purpose.
Administrator Logs
Information about user behavior on the service may be logged. This data is used for the following purposes:
Key Marketing Techniques
- The Operator uses the following marketing and analytical techniques:
- Statistical Analysis Using Google Analytics:
- Service Provider: Google Inc. (USA).
- Data Handling: The Operator does not send personal data to Google; only anonymized information is used.
- Cookies: The service relies on cookies stored on the user’s device. Users can view and edit cookie-related information through the tool available at Google Ads Preferences.
- Remarketing Techniques:
- Purpose: To tailor advertising messages based on user behavior on the site. This may create the impression that personal data is used for tracking; however, no personal data is actually transferred to advertising operators.
- Requirement: Cookies must be enabled for these actions.
- Facebook Pixel:
- Service Provider: Facebook Inc. (USA).
- Purpose: To let Facebook know that a registered user is visiting the service.
- Data Handling: The Operator does not provide additional personal data to Facebook. This service relies on cookies stored on the user’s device.
- User Behavior Tracking:
- Technologies Used: Heatmaps and session recording tools.
- Data Handling: Information is anonymized before being sent to the service provider, so personal identification is not possible. Passwords and other personal data are not recorded.
- Automated Actions:
- Function: To automate interactions, such as sending emails after visiting specific pages, provided the user has consented to receive marketing communications.
Information About Cookies
- The Service Uses Cookies
- Cookies are data, particularly text files, that are stored on the user’s device and used to interact with the Service’s web pages. Cookies usually contain the name of the website from which they originate, the duration of their storage on the device, and a unique number.
- The entity placing cookies on the user’s device and accessing them is the operator of the Service.
- Cookies are used for the following purposes:
- Maintaining the user’s session on the Service (after logging in), so that users do not have to repeatedly enter their login and password on each page of the Service.
- Achieving the goals specified above in the “Essential Marketing Techniques” section.
- The Service uses two main types of cookies: “session cookies” and “persistent cookies”. Session cookies are temporary files stored on the user’s device until they log out, leave the website, or close the software (web browser). Persistent cookies are stored on the user’s device for the period specified in the cookie parameters or until they are deleted by the user.
- Web browser software usually allows cookies to be stored on the user’s device by default. Service users can change these settings. Web browsers also allow cookies to be deleted and can automatically block cookies. Detailed information on this can be found in the help or documentation of the web browser.
- Restrictions on the use of cookies may affect some functionalities available on the Service’s web pages.
- Cookies placed on the user’s device may also be used by entities cooperating with the Service operator, including companies such as Google (Google Inc., USA), Facebook (Facebook Inc., USA), and Twitter (Twitter Inc., USA).
Managing Cookies – How to Express and Withdraw Consent in Practice
- Jeśli użytkownik nie chce otrzymywać plików cookies, może zmienić ustawienia przeglądarki. Zastrzegamy, że wyłączenie obsługi plików cookies niezbędnych dla procesów uwierzytelniania, bezpieczeństwa, utrzymania preferencji użytkownika może utrudnić, a w skrajnych przypadkach może uniemożliwić korzystanie ze stron www
- W celu zarządzania ustawienia cookies wybierz z listy poniżej przeglądarkę internetową, której używasz i postępuj zgodnie z instrukcjami:Urządzenia mobilne: