Privacy Policy

This Privacy Policy describes how Budika Jumili ("we", "us", "our") collects, uses, and protects personal data obtained through the website budika-jumili.info and any associated communications. It is written in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation, "GDPR") and the Polish Act of 10 May 2018 on the Protection of Personal Data (Dz.U. 2018 poz. 1000), as amended.

1. Data Controller

The data controller responsible for your personal information is:

As data controller, we determine the purposes and means of processing your personal data. If you have any questions regarding the handling of your data, you may contact us using the details above.

2. Scope of This Policy

This policy applies to all personal data collected through:

• The website located at budika-jumili.info and its subpages
• Email correspondence addressed to us
• Telephone communication initiated by or directed to us
• Any in-person visits to our premises at the address stated above

It does not apply to third-party websites that may be linked from our site. We have no control over those sites and encourage you to review their respective privacy policies.

3. Data We Collect

We collect the following categories of personal data:

• Identification data: Name as provided voluntarily through contact forms or email
• Contact data: Email address provided through forms or correspondence
• Communication content: The content of messages sent to us via the contact form or email
• Technical data: IP address, browser type, operating system, referring URL, pages visited, and session duration — collected automatically via server logs when you access the website
• Cookie data: Preferences stored through cookies where consent has been given — see Section 9 and our Cookie Policy for details

We do not collect special categories of personal data (sensitive data) as defined in Article 9 GDPR, including health data, financial account information, or biometric data.

4. Legal Basis for Processing

We process your personal data on the following legal bases under Article 6 GDPR:

• Article 6(1)(a) — Consent: For the placement of non-essential cookies on your device, where you have given explicit consent via our cookie consent mechanism
• Article 6(1)(b) — Performance of a contract: Where processing is necessary to respond to an enquiry or to take steps at your request prior to entering into an arrangement
• Article 6(1)(c) — Legal obligation: Where processing is required to comply with applicable Polish or EU law
• Article 6(1)(f) — Legitimate interests: For technical data collected for security, fraud prevention, and the stable operation of this website, where our legitimate interest does not override your fundamental rights and freedoms

5. How We Use Your Data

Personal data collected through this website is used for the following purposes:

• Responding to enquiries submitted through the contact form or sent by email
• Maintaining records of communications for correspondence continuity
• Ensuring the technical functionality, security, and performance of the website
• Complying with legal obligations under Polish and EU law
• Improving the quality and relevance of educational content through aggregate, anonymised usage analysis

We do not use your personal data for automated decision-making or profiling as defined in Article 22 GDPR.

6. Data Sharing

We do not sell, rent, or trade personal data. Data may be shared in the following limited circumstances:

• Service providers: Third-party providers who assist with website hosting, email infrastructure, or IT maintenance — only to the extent necessary and under data processing agreements where required by GDPR Article 28
• Legal authorities: Where disclosure is required by applicable Polish law, a court order, or a lawful request from a competent public authority
• Business transfers: In the event of a merger, acquisition, or transfer of assets, personal data may be transferred to the successor entity, subject to equivalent privacy protections

7. Retention Periods

We retain personal data only for as long as necessary for the purposes outlined in this policy:

• Contact form and email correspondence: retained for up to 24 months from the date of the last relevant communication, then securely deleted
• Technical and server log data: retained for up to 12 months for security and operational purposes
• Cookie consent records: retained for up to 13 months from the date consent was recorded

Where retention beyond these periods is required by Polish legal obligations, data will be retained for the legally mandated period and no longer.

8. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights, subject to applicable conditions and limitations:

• Right of access (Article 15): To request a copy of the personal data we hold about you
• Right to rectification (Article 16): To request correction of inaccurate or incomplete data
• Right to erasure (Article 17): To request deletion of your data where no lawful basis for continued processing exists
• Right to restriction (Article 18): To request that we limit processing of your data in certain circumstances
• Right to data portability (Article 20): To receive data provided by you in a structured, machine-readable format where processing is based on consent or contract
• Right to object (Article 21): To object to processing based on legitimate interests
• Right to withdraw consent (Article 7(3)): Where processing is based on consent, to withdraw that consent at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at [email protected]. We will respond within one month of receiving your request, in accordance with Article 12 GDPR. You also have the right to lodge a complaint with the Polish supervisory authority, the Urząd Ochrony Danych Osobowych (UODO), at ul. Stawki 2, 00-193 Warszawa, or via uodo.gov.pl.

9. Cookies

This website uses cookies. A cookie is a small text file placed on your device by a web server. We use cookies for technical functionality and, where you have consented, for analytical purposes. Full details of the cookies used, their purpose, and how to manage your preferences are set out in our Cookie Policy.

You may withdraw cookie consent at any time by adjusting your preferences through the cookie settings panel accessible via the banner on this site, or by clearing cookies through your browser settings.

10. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, or disclosure, in accordance with Article 32 GDPR. These measures include secure server infrastructure, access controls, and regular review of our security practices.

No method of transmission over the internet is entirely secure. While we take reasonable steps to protect your data, we cannot provide an absolute guarantee of security for data transmitted electronically.

11. International Transfers

Where personal data is processed by service providers located outside the European Economic Area, we ensure that appropriate safeguards are in place in accordance with Chapter V GDPR. These safeguards may include Standard Contractual Clauses approved by the European Commission, or transfers to countries with an adequacy decision.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the structure of this website. The "Last Updated" date at the top of this document indicates when the current version was adopted. We encourage you to review this page periodically. Continued use of the website following any update constitutes acknowledgement of the revised policy.

13. Contact the Data Controller

For any questions, requests, or concerns relating to this Privacy Policy or the processing of your personal data, please contact us: