§ 1
GENERAL PROVISIONS

1. The app.contentation.com website (hereinafter referred to as the “Website”) is operated by CONTENTATION Sp. z o.o. with its registered office in Szczecin, Aleja Piastów 22, 71-064 Szczecin, Poland entered into the Register of Entrepreneurs of the National Court Register under the number 0000871922, NIP Tax No.: 8522668617.
2. During the course of activity the Website collects, processes and uses the data of Website Users, Advertisers, Publishers, and Influencers (hereinafter referred to as “Users”), with personal data included.
3. Personal data will be collected on the basis of Regulation 2016/679 of the European Parliament and of the EU Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: “GDPR”).
4. User data may be collected by the Website as a result of the Users’ voluntary provision, among others, during account registration or through cookies.
5. Apart from personal data, the following are also collected: the User’s IP address, type of software used by the User, or information on the source from which the User was redirected to the Website.
6. The User will be instructed on how the data will be processed upon his/her personal data provision.
7. Data collected by the Website will be used for statistical purposes and administration of the Website.
8. All content in the Service is protected by law, including copyright or trademark protection rights, and may not be used in any way without prior written consent of the Administrator, except for fair personal use of works within the meaning of the Act of 4 February 1994 on Copyright and Related Rights.
9. The Administrator reserves the right to introduce alterations to this Privacy Policy in order to keep it up to date. Users will be notified by e-mail about any changes to this Privacy Policy.

§ 2
PERSONAL DATA

1. The administrator of your personal data is CONTENTATION Sp. z o.o. (hereinafter referred to as “Administrator”), with its registered office in Szczecin, Aleja Piastów 22, 71-064 Szczecin, Poland, entered in the Register of Entrepreneurs of the National Court Register under the number 0000871922, NIP Tax No.: 8522668617.
2. The Administrator obtains the personal data of Users, natural persons representing Users who are legal entities, and other persons visiting the Website directly from data subjects. The Administrator may also obtain personal data from Users who are Publishers, Advertisers, Journalists, or Influencers, provided that the persons to whom the data pertains give their consent to the relevant Publisher, Advertiser, Journalist, or Influencer.
3. Personal data is obtained by automated means. As part of the operation of the Website, the processing of personal data will include:
   • name and surname,
   • email address,
   • company name (in case of company accounts), 
   • phone number,
   • residence address,
   • NIP (Tax No.) or PESEL (Personal ID No.) number.
4. The processing of the User’s data, will be performed for the purpose of:
   1. the correct execution of the order or contract placed,
   2. fulfillment of legal obligations,
   3. contacting the User in order to properly execute the order or contract,
   4. contacting the User in order to conduct the complaint procedure, 
   5. direct marketing, after obtaining the User’s consent, 
   6. providing newsletter services, and for statistics and analysis.
5. The legal basis for the processing of personal data by the Website is the necessity of: data processing in order to perform the agreement relating to services provided electronically through the Website (art. 6 sec. 1 (b) GDPR), communication in connection with the provision of Website services (art. 6 sec. 1 (b) GDPR), sending new information on the Website’s functionalities (art. 6 sec. 1 (f) GDPR), processing payments and settlements of the services offered on the Website (art. 6 sec. 1 (b) GDPR), performing legal obligations (art. 6 sec. 1 (c) GDPR), sending ordered commercial information on the Website and direct marketing (art. 6 sec. 1 (b) GDPR), as well as the necessity for purposes stemming from the legitimate interests pursued by the Administrator (art. 6 sec. 1 (f) GDPR).
6. The newsletter service referred to in point 4.f. is activated through a form available on the Website. The User may also consent to sending commercial information related to direct marketing of services or goods, i.e. newsletters, addressed to a designated recipient by electronic communication means, in particular by electronic mail using the data obtained by the Service Provider as part of registration or use of the Site, in accordance with the declarations made upon registration.
7. If necessary, the User’s personal data may be transferred to entities providing services to the Administrator within the scope of hosting, legal services, accounting, marketing, payment operators, and cooperating entities that need the data in order to carry out a particular order. 

§ 3
USER RIGHT

1. The User has the following rights:
   1. the right to confirm the processing of his/her personal data and to access his/her personal data,
   2. the right to object to the processing of personal data, 
   3. the right to request the restriction of the processing of personal data, 
   4. the right to rectify his/her personal data, 
   5. the right to erase his/her personal data, 
   6. the right to receive a copy of his/her personal data, 
   7. the right to transfer his/her personal data,
   8. the right to file a complaint before the supervisory authority. 
2. The User has the right to obtain a confirmation from the Administrator as to whether the personal data relating to him/her is being processed and, if it is, he/she is entitled to access the data and the following information:
   1. the purpose of the processing;
   2. information on the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular, the recipients in third countries or international organizations;
   3. categories of personal data concerned;
   4. information about the right to request the following actions from the Administrator: rectification, erasure, and restriction of the processing of personal data concerning the data subject, as well as the right to object to such processing;
   5. if feasible, the intended period of storage of the personal data and, if this is not possible, the criteria for determining that period;
   6. information on the right to lodge a complaint with a supervisory authority;
   7. information on automated decision-making, including profiling as referred to in Article 22(1) and (4) of GDPR, and relevant information on the rules for decision-making, as well as on the significance and foreseeable consequences of such processing for the data subject – at present the Administrator does not undertake and does not plan to undertake such actions.
3. The User has the right to object at any time to the processing of his/her personal data for the purposes of direct marketing carried out by the Administrator, including profiling, to the extent of which the processing is related to such direct marketing.
4. The Data Subject has the right to request the Administrator to restrict processing in the following cases:
   1. The User questions the correctness of the personal data – for a period that allows the Administrator to check the correctness of the data;
   2. the processing is unlawful and the User objects to the deletion of personal data, requesting instead that its use be restricted;
   3. the Administrator no longer needs the personal data for processing purposes, but the data is needed by the User to establish, assert or defend a claim;
   4. the User has raised an objection under Article 21(1) GDPR to the processing – for as long as it is determined whether the legitimate grounds on the part of the Administrator override the grounds of the data subject’s objection.
5. The user has the right to request the Administrator to promptly rectify the inaccurate personal data concerning him or her. Taking into account the purposes of processing, the data subject has the right to request the completion of incomplete personal data, also by submitting an additional statement.
6. The User has the right to request the Administrator to delete his/her personal data immediately, and the Administrator is obliged to delete the personal data without undue delay if one of the following circumstances occurs:
   1. personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
   2. the data subject has withdrawn the consent on which the processing is based in accordance with Article 6(1)(a) and there is no other legal basis for the processing;
   3. the data subject objects under Article 21(1) GDPR to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects under Article 21(2) GDPR to the processing;
   4. personal data were processed unlawfully;
   5. personal data must be deleted in order to comply with legal obligations under European Union law or the law of a Member State to which the Administrator is subject;
   6. personal data has been collected in connection with the offering of information society services as referred to in Article 8(1) of GDPR.
7. The Administrator reserves the right to refuse to delete personal data if their retention is necessary for the realization of claims or if it is required by applicable law.
8. The data subject has the right to receive his/her personal data which he or she has provided to the Administrator, and has the right to transfer such personal data to another Administrator without hindrance from the Administrator, if:
   1. the processing is based on consent pursuant to Article 6(1)(a) of GDPR or on the contract pursuant to Article 6(1)(b) of GDPR; and
   2. processing is carried out by automated means.
9. The User has the right to request the transfer of his/her personal data to another Administrator, insofar as this is technically possible.
10. The User has the right to lodge a complaint to the supervisory authority – the President of the Office for Personal Data Protection, 2 Stawki Street, 00-193 Warsaw, Poland.
11. In order to exercise any of the rights referred to above, the User may send a request to the Administrator in writing to Contentation Sp. z o.o., Aleja Piastów 22, 71-064 Szczecin, Poland or via e-mail to app@contentation.com.
12. If the processing of data is based on consent, the User also has the right to withdraw his/her consent to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

§ 4
COOKIES

1. Cookies are used as part of the activities of the Website, and they are stored in end Users’ devices. 
2. The use of cookies is understood as storing and accessing them by the Administrator.
3. Cookies are computer data, in particular text files, which are stored on the User’s end devices and are intended for the use of websites. Cookies usually contain the name of the website they come from, the time of storing them on the terminal equipment, the content (e.g. action identifiers), and a unique number.
4. The Website uses cookies in order to:
   1. adapt the content of the Website to User preferences and optimize the use of the Website. In particular, these files allow for the recognition of the User’s device and for appropriate display of the Website, adjusting it to his/her needs and preferences;
   2. compile statistics and analysis relating to the use of the Website.
5. The Website uses two basic types of cookies, i.e.
   1. “session cookies” (session storage) – i.e. temporary files that are stored on the User’s terminal equipment until the session expires (e.g. by leaving the Website, deleting them by the User, or switching off the software).
   2. “persistent” (local storage) – i.e. cookies that are stored on the terminal equipment of the User for the time specified in the parameters of cookies or until they are deleted by the User.
6. The use of cookies does not cause any configuration changes in the User’s end device and in the software installed on that device.
7. The default settings of Internet browsers usually allow the storage of cookies on the terminal equipment of website users. However, these settings can be changed by the User.
8. The User has the possibility to determine the conditions for the use of cookies through the settings of the software (web browser) installed on his/her end device. The change may involve partial or complete restriction of the possibility of storing cookies on the User’s terminal device.
9. Pursuant to the provisions of the Telecommunications Act, the User’s consent to store information or gain access to information already stored in the telecommunications end device may also be expressed by the User via the settings of the software installed in the end device used. Therefore, if the User does not wish to give such consent, he/she should change the settings of his/her web browser.
10. Detailed information on how to change your browser’s cookie settings and how to delete them can be found on the official website of the specific browser. 

§ 5
STORAGE OF PERSONAL DATA

1. The User’s personal data will be processed for the period of: using the services of the Website, revoking by the User of his/her consent to their processing (if the processing is carried out solely on the basis of the consent) and for the time of holding the account by the User. 
2. In the case of an existing or potential legal dispute between the User and the Administrator, as well as in the case of the existence of a legitimate obligation of the Administrator, the Administrator may continue to store the personal data which are essential for the Administrator to protect and/or exercise their rights or perform their obligations. The processing of personal data for statistical purposes will be carried out for a period of 2 years after its collection.

§ 6
SOFTWARE

1. The Administrator may use the Google Analytics tool provided by Google Inc. which is based in the USA and thus outside the European Economic Area. Google Inc. is a member of the EU-US Privacy Shield programme and provides an adequate level of data protection. This tool is used to analyze website statistics. Detailed information on the data collected by Google Analytics is described in the Google Analytics Privacy Policy, available under this link.
2. The Administrator may use the Google Ads tool provided by Google Inc. which is based in the USA and thus outside the European Economic Area. Google Inc. is a member of the EU-US Privacy Shield program and provides an adequate level of data protection. The tool is an advertising system that enables you to deliver your advertising content through Google’s proprietary channels. Detailed information about Google Ads is described in Google’s privacy policy, available at this link.
3. The Administrator may use the Google Cloud tool provided by Google Inc. which is based in the USA and thus outside the European Economic Area. Google Inc. is an entity that has joined the EU-US Privacy Shield programme and ensures an appropriate level of data protection. The tool is used for hosting services, i.e. server services. Detailed information on Google Ads is described in Google’s privacy policy, available at this link.
4. The Administrator may use the Facebook Ads tool provided by Meta Platforms Ireland Ltd., which is based in Ireland, within the European Economic Area. The tool is an advertising system that enables the creation and precise targeting of paid campaigns located on Facebook, Instagram, Messenger, and Audience Network. Detailed information about Facebook Ads is described in Meta’s privacy policy, available at this link.
5. The Administrator may use the Facebook Pixel tool provided by Meta Platforms Ireland Ltd., which is based in Ireland, within the European Economic Area. The tool is used to target ads to the right audience, automatically configure marketing messages and measure the results of displayed ads. For more information about the processing and protection of personal data processed by Facebook Inc. please see Facebook’s privacy policy available at this link.
6. The Administrator may use the Hotjar tool provided by Hotjar Ltd., which is based in Malta, i.e. within the European Economic Area. The tool is used to record the behavior of users of the website. Detailed information on the principles of processing and protection of personal data processed by Facebook Inc. are described in Facebook’s privacy policy available at this link.
7. The Administrator may use the Google Cloud tool provided by Hotjar Ltd, which is based in Malta, within the European Economic Area. The tool is used to record the behavior of website users. Detailed information on the principles of processing and protection of personal data processed by Facebook Inc. are described in Facebook’s privacy policy available at this link.
8. In addition, the Administrator may use the services of companies that handle online payments, quick transfers, credit and debit cards. The privacy policies of these entities are made available when using these tools.  

§ 7
LIABILITY DISCLAIMER

1. The Administrator shall not be responsible for the privacy policy of websites to which the User will be transferred via links on the Website.
2. The Privacy Policy does not apply to services and companies whose contact details are provided on the Website.  
3. Any announcements, advertisements, or other similar content placed on the Website by its Users are of solely informative character and do not constitute an offer within the meaning of the Civil Code and cannot constitute the basis for any claims against the Administrator.
4. The Administrator shall make every effort to protect the privacy of the Users. The Administrator applies all precautions required by law to ensure that all data, including personal data provided by the Users, is protected against loss, destruction, disclosure, access by unauthorized persons, and misuse. Also, due to relevant actions, the Users can contribute to increasing the security of their data, including personal data on the Internet (e.g. by frequent changes of user passwords, by use of combinations of letters and numbers in their passwords).