Privacy Policy

Protection of the Users’ privacy is of special interest to us. For that reason, the Users of have the highest standards of privacy protection guaranteed. Grupa SAPR Magdalena Petryniak as controller ensures safety of personal data made available by the Users. 

Considering the foregoing as well as requirements introduced by the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ.UE.L.2016.119.1, 2016.05.04) (hereinafter: RODO) to ensure safety of personal data by Grupa SAPR Magdalena Patryniak this Privacy Policy is adopted.

This Privacy Policy sets forth principles of processing and protection of personal data transferred by the Users in connection with their use of the site as well as other Websites connected with it, communication and services.

The User is each data subject using the website as well as other Websites, forms of communication and services connected therewith. (hereinafter: User).

The controller of personal data included in the site is Grupa SAPR Magdalena Petryniak, the address: al. Szlak 77/222, 31-153 Kraków, NIP [Tax Identification Number]: 6762283815, REGON [Business Identification Number]: 120536839.

 (hereinafter: Controller).

To an extent necessary to perform under the agreement concluded by the User with the Controller as well as to an extent necessary for the Controller to undertake actions upon User’s request as well as to an extent necessary to fulfil the legal obligation imposed upon the Controller, i.e. processing of User’s personal data shall be carried out on the basis of law provisions, i.e. Article 6 Section 1 letter b) and letter c) GDPR. The User’s consent shall not necessary for processing its personal data. The User may prove its personal data within another scope as it chooses. Nonetheless, to an extent to which such consent for processing of User’s personal data has been expressed  by it solely for marketing purposes, the User may voluntarily provide its personal data, however refusal to grant consent or withdrawal of consents hall prevent the Controller from notifying the User of new offers.


If the User decides to use the site, it means that the User has accepted that the Controller collects, uses and makes available non-personal and personal data, in accordance with this Privacy Policy. However, the User is able to control the method of use and making its data available, which has been specified in detail in Chapter 5 of this Privacy Policy “User’s Rights”.

If personal data are processed on the basis of User’s consent, the User is entitled to withdraw its consent already granted at any time. Withdrawing consent shall not affect compliance with the processing right if such processing has been effected on the basis of such consent before withdrawal thereof.  The Controller shall inform the User that it is possible to withdraw consent before User grants such consent.

If this Privacy Policy is changed and the User still uses the site, then such activity shall be construed as granting consent for current terms of the Privacy Policy.


  • Method of obtaining personal data
  • Personal data obtained directly from the User

The Controller obtains personal data by two methods. The first method is to obtain personal data directly from the User by way of:

  • sending a message by the User through inquiry form present on the site; 
  • creating by the User of its own account in the site;
  • using by the User of services and products offered by the Controller;
  • contacting  the Controller by the User to obtain technical support.
  • Personal data obtained from other sources

The Controller also obtains personal data from sources, other than directly from the User, i.e.:

  • by registering the method by which the User uses products and services of the Controller through cookies files and other types of technology as well as receiving bug or data use reports from software operating on the User’s device.
  • from data brokers from whom the Controller buys demographic data as form of supplementation of data gathered independently;
  • from service providers who provide the Controller with information regarding Users’ localisation on the basis of IP addresses of Users;
  • from partners with whom the Controller offers products and services or with whom the Controller conducts joint marketing activities;
  • from publicly available sources, such as publicly available registers or domains in which User’s data are made available.
  • Personal data processed by the Controller

The scope of personal data collected by the Controller related to users may differ depending on the purpose of personal data processing.

The Controller collects, among other, the following personal and non-personal data:

  • Login name;
  • Name and surname / name of the company / name and surname of the entrepreneur or names and surnames of entrepreneurs acting in the form of civil private partnership;
  • Correspondence address;
  • Web address;
  • Telephone number;
  • Electronic mail;
  • NIP [Tax Identification Number];
  • REGON [Business Identification Number];
  • PC IP;
  • information related to payment, if the User makes a purchase on the Website.

In addition, the Controller collects personal data related to User’s file and message content, if it is required for making services and products available to it, including: subject and content of e-mail, text or other content of instant message, sound and video recording of a message, sound recording and transcription of a voice message received by the User or a text message dictated by it.

Further, the Controller also collects information transferred by the User, including opinions and evaluations of products and services as well as information provided to obtain technical support. Further, in case of coming into contact, the Controller collects message content.


The method of processing by the Controller of personal data related to the User depends on the method of use by the User from Controller’s products and services. Thus, specific purposes of processing of User’s personal data can differ depending which product or services is chosen by the User and how it uses such products or services.

  • Services (performing under agreement)

The Controller uses User’s personal data to authenticate and authorise its access to services, including also for realisation of services offered by the Controller.

If the User decides to order products or services of the User which are chargeable, the Controller shall process User’s personal data to an extent necessary to enter into the agreement and ensure proper realisation of the service agreement concluded with the User. 

  • Communication (performance under agreement, legitimate goal realised by the Controller)

The Controller uses User’s personal data to communicate with it in a personalised manner. Such communication consists in sending e-mails, placing notifications on Websites as well as other means as part of offered services, including text messages and push notifications. Content communicated to the User relates to offered services, i.e. availability of services and method of their use, safety of personal data, network update, reminders as well as offers suggested by the Controller.

Communication with the User also relates to support provided to User. Personal data are used to support the User, solve problems and answer its complaints.

Further, the Controller uses User’s personal data to enable to him to comment on the activity, services and products of the Controller.

  • Advertisement (performance under agreement, legitimate goal realised by the Controller)

The Controller uses User’s personal data to offer to it personalised advertisement for it, if the User expressed its consent for such actions or when an economic relationship is formed between the Controller and the User. Such advertisement relate both to offers of the Controller as well as of entities co-operating with it.

Advertisement presented to the User shall be individually personalised for each User by using:

  • data provided directly by the User;
  • data collected when the User uses the Controller’s services;
  • information provided by third party;
  • data originating from advertisement technologies, such as cookie files;
  • web beacons, pixels, advertisement tags as well as mobile identifiers.

The Controller shall not make User’s personal data available to advertisers who are third party or advertisement networks without a prior consent of the User. However, if the Users clicks displayed advertisement, the advertiser shall be notified thereof.

  • Improvement of services (legitimate interest of the Controller)

The Controller shall use User’s personal data to conduct analytical and statistical activities for constant improvement of offered products and services, ensuring better solutions, adding new functions as well as the possibility to gather a bigger number of recipients and support in entering into contacts and finding business opportunities.

Personal data related to Users are also used by the Controller for market research, public opinion surveying as well as carrying out economic analysis for constant improvement of site.

  • Safety (legitimate interest of the Controller)

The Controller shall use User’s personal data to monitor, prevent, reveal and counteract fraud and abuse, protect other Users against such abuse and to ensure safety of network and information. If there is a justified suspicion of committing a crime, User’s personal data shall be used to examine a presumed crime by unauthorised persons or any other violation of this Privacy Policy.

  • Seeking claims (legitimate interest of the Controller)

If the User decides to use Controller’s services, the Controller shall be entitled to process User’s personal data to an extent necessary to seek potential claims under conducted business activity as well as analyse potential violation of principles related to use of Controller’s services.

  • Bookkeeping (realisation of statutory obligation)

If the User decides to order services of the Controller which are chargeable, the Controller shall process User’s personal data to an extent necessary to keep books as well as settlement under realised chargeable services.


User’s personal data are or may be transferred to the following categories of recipients:

  • providers of advertisement or marketing services, if to realise the purpose in the form of direct marketing of Controller’s own services;
  • providers of legal and advisory services as well as support services for the Controller in seeking due claims (in particular, to law firms, debt collection entities);
  • entities processing personal data upon Controller’s request, e.g. subcontractors of Controller’s services
  • entities entitled to obtain data on the basis of valid law, e.g. courts or public prosecution authorities, if such make a request on the basis of relevant legal grounds.


The User shall be entitled to decide on its personal data by way of deciding on disclosure of specified personal data, including privacy preferences. However, in such a situation the User must remember that it shall not be able to use to the fullest extent of certain products or services offered by the Controller. 

If the User wishes to use rights it is entitled to as a data subject, it can contact the Controller by way of e-mail sent at the address

  • Right to access

The User shall be entitled to obtain from the Controller confirmation whether its personal data are processed and, if it is the case, it shall be entitled to obtain access to information related to details of processing its data, including but not limited to information about the purpose of such processing and categories of data being processed. 

The User shall be also entitled to request that copies of personal data subject to processing be delivered. 

  • Right to rectification

The User shall be entitled to rectify personal data which are untrue. It is entitled to request replacement, supplementation or removal of errors, faults and misleading information in the entire data set which relates to it.

The object of supplementation cannot be personal data which are wrong, i.e. the User may not request replacement or supplementation of current data with wrong ones.

If processed personal data are incomplete, the User may present an additional declaration to supplement them. It is admissible to present such declaration in any, including electronic, form.

  • Right to erasure (right to be forgotten)

The User shall be entitled to request that its personal data be erased, if any of the following occurs:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • the User withdraws consent on which the processing is based and there is no other legal basis for processing;
  • the User objects to processing of the personal data related to it;
  • the personal data have been unlawfully processed;
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
  • the personal data have been collected in relation to the offer of information society services.

The User shall be entitled to the right to be forgotten solely if it exercised the right to erasure and solely when the personal data related to it have been made public by the Controller.

  • Right to restriction of processing

The User shall have the right to obtain from the controller restriction of processing where one of the following applies:

  • the accuracy of the personal data is contested by the User, for a period enabling the Controller to verify the accuracy of the personal data;
  • the processing is unlawful and the User subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • the Controller no longer needs the personal data for the purposes of the processing, but they are required by the User for the establishment, exercise or defence of legal claims;
  • the User has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted, the Controller may process the personal data, with the exception of storage, only:

  • upon User’s consent or
  • for the establishment, exercise or defence of legal claims or 
  • with the User’s consent or
  • for reasons of important public interest of the Union or of a Member State
  • Right to data portability

The User shall have the right to receive the personal data concerning them, which they have provided to the Controller, in a structured, commonly used and have the right to transmit those data to another controller .

The User shall also have the right to have the personal data transmitted directly from the Controller to another controller, where technically feasible. 

  • Right to object 

The User shall have the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning:

  • for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller; 
  • for direct marketing purposes, including profiling, if such is connected with direct marketing; 
  • for the reasonable interest of the Controller.

The procedure related to handling the objection and any type of communication are free of charge; it is also possible to lodge an objection by way of electronic message.

  • Right to lodge a complaint

The User shall have the right to lodge a complaint with the Personal Data Protection Office, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement.


  • The right not to be subject to decisions based solely on automated processing, including profiling

The right not to be subject to decisions based solely on automated processing, including profiling shall be granted to the User due to the development of technology and marketing techniques based on data collected during the use of internet services.

Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to the User, in particular to analyse or predict aspects concerning their performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

The User may exercise such right when two premises are fulfilled:

  1. firstly, the User is subject to the decision which is based solely on automated processing of personal data, including profiling;
  2. secondly, such decision produces legal effects concerning them or similarly significantly affects them.

Automated decision making in individual cases, including profiling, cannot be prohibited, if such decision:

  • is necessary for entering into, or performance of, a contract between the User and the Controller;
  • is authorised by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard the User’s rights and freedoms and legitimate interests; or
  • is based on the User’s explicit consent.


The Controller uses cookie files and other similar technologies to improve efficiency and propose to the User better and better site functionalities as well as customised advertisement. Cookie files (“Cookies”) are code fragments which are text files corresponding to HTTP queries, addressed to the Controller’s server. They are to ensure the optimal service during User’s visit on the site as well as enable a quicker and easier access to information. Information stored or obtaining access to such information shall not result in configuration changes of the User’s device or software installed in it. Information contained in the cookies and similar technologies are considered as personal data solely in connection with other personal data available in relation to a given User. If the User does not consent to recording and receiving information in cookies, they may change rules regarding cookies by way of their Internet browser or application of the opt-out option on the site of the specified technology solution provider. Detailed information regarding technologies used by the Controller are available in the Cookies policy at the address .


  • Personal Data Protection 

The Controller implements various measures to ensure safety of User’s personal data. Applied systems and procedures preventing access and disclosure of personal data to authorised persons ensure safe use of offered services. Further, systems and procedures applied by the Controller are subject to regular monitoring to discover any potential threats. Personal data obtained by the Controller are stored in computer system the access to which is very restricted.

  • Personal Data Storage

The period for which Users’ personal data are stored can differ as other purposes of the processing personal data can be determined with respect to such personal data of various Users. 

The Controller stores the personal data for a period which is necessary to obtain such goals, i.e.:

  • for analytical and statistical purposes: for a period necessary to obtain goals connected with effective operation and development of the site; 
  • for providing services for the benefit of the User: for a contract term as well as a period time limits related to claims;
  • for a period required by law provisions regarding bookkeeping as well as settlements under provided services;
  • for the processing of personal data for marketing purposes: for a period of economic relationship with the User, unless the User lodges earlier an objection against processing for such purposes;

in each of the above-mentioned cases upon the elapse of the necessary period of processing data may be processed solely to secure seeking claims.

The personal data of the Users are stored in the Controller’s database to which technical and organisational measures have been applied to ensure protection of the processed personal data, in accordance with requirements specified in valid law provisions. Only the Controller shall have access to database.

  • Changes in privacy policy

To update information contained in this Privacy Policy as well as its consistence with valid law provisions, this Privacy Policy may be changed. Once the document contents are changed, the date of its update shall be changed, which is included at the beginning of this Privacy Policy. Nonetheless, the User shall be notified of each significant change by way of notice included on the Website or directly. To obtain information about the method of personal data protection, the Controller shall recommend to the Users regular examination of these rules of the Privacy Policy.

  • Contact information

In case of any doubts connected with personal data protection issues or to obtain information related to this Privacy Policy, the User may contact the Controller  through e-mail as well as postal address at the Controller’s address.