24.03.2025 r.
GENERAL PROVISIONS
This Privacy Policy of the Website is for information purposes only, which means that it does not create any obligations for persons using the Website. The Privacy Policy primarily sets out the rules regarding the processing of personal data collected by the Administrators through the Website, including the legal bases, purposes, and duration of personal data processing, as well as the rights of individuals whose data is processed. It also provides information about the use of Cookies and similar technologies, as well as analytical tools on the Website.
The Administrators of personal data collected through the Website are FINANSOWY NIEPORADNIK Spółka z ograniczoną odpowiedzialnością, entered in the Central Registration and Information on Business of the Republic of Poland maintained by the minister responsible for economy, having its business and correspondence address at: ul. Biskupa Albina Małysiaka 26B/10, 30-389 Kraków, KRS 0001145962, NIP 6762683839, REGON 540479970, email address: kontakt@finansowynieporadnik.pl, and contact phone number: +48 531-386-079 — hereinafter referred to as the “Administrator” and also being the Owner of the Website.
Personal data on the Website is processed by the Administrators in accordance with applicable law, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) — hereinafter referred to as “GDPR” or the “GDPR Regulation.”
Official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
Using the Website is voluntary. Similarly, providing personal data by a user of the Website is voluntary, except that failure to provide certain data required to use a given functionality of the Website may result in the inability to use that functionality (e.g., a contact form). In such cases, providing personal data is a contractual requirement, and if the person concerned wishes to use a particular functionality offered on the Website by the Administrators, they must provide the required data. The scope of data required to use each functionality is indicated on the Website (e.g., before completing the contact form).
The Administrators exercise special care to protect the interests of the individuals whose personal data they process and, in particular, ensure that the collected data:
is processed lawfully;
is collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes;
is accurate and adequate in relation to the purposes for which it is processed;
is stored in a form that permits identification of the data subjects for no longer than necessary for the purposes of processing; and
is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage, by means of suitable technical or organizational measures.
Taking into account the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Administrators implement appropriate technical and organizational measures to ensure that processing is carried out in accordance with the GDPR and that compliance can be demonstrated. These measures are reviewed and updated when necessary. The Administrators also apply technical measures to prevent unauthorized access to and modification of personal data transmitted electronically.
All words, expressions, and acronyms appearing in this Privacy Policy and beginning with a capital letter should be understood in accordance with their meaning as defined in this document.
The Administrators are authorized to process personal data when – and to the extent that – at least one of the following conditions is met:
(1) the data subject has given consent to the processing of their personal data for one or more specific purposes;
(2) processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
(3) processing is necessary for compliance with a legal obligation to which the Administrators are subject; or
(4) processing is necessary for the purposes of the legitimate interests pursued by the Administrators or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, particularly where the data subject is a child.
The processing of personal data by the Administrators always requires at least one of the above legal bases to apply. The specific legal grounds for processing users’ personal data by the Administrators are indicated in the following section of this Privacy Policy – in relation to each particular purpose of data processing.
Each time, the purpose, legal basis, duration, and recipients of personal data processed by the Administrators depend on the actions taken by the user on the Website.
The Administrators may process personal data on the Website for the following purposes, on the following legal bases, and for the periods specified below:
| Purpose of data processing | Legal basis for data processing | Data retention period |
|---|---|---|
| Use of electronic services provided by the Administrators on the Website | Article 6(1)(b) of the GDPR (performance of a contract) – processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract (e.g. responding to an inquiry sent via the contact form). | Data is stored for the period necessary to perform, terminate, or otherwise expire the contract concluded with the Administrators, e.g. for the time needed to respond to the user’s inquiry sent through the contact form. |
| Direct marketing | Article 6(1)(f) of the GDPR (legitimate interest) – processing is necessary for the purposes of the legitimate interests pursued by the Administrators, such as maintaining the Administrators’ image and promoting their services. | Data is stored for as long as the legitimate interest of the Administrators exists, but no longer than the limitation period for claims against the data subject under the Administrators’ business activities. The limitation period is defined by law, particularly the Civil Code (the basic limitation period for business-related claims is three years). The Administrators may not process data for direct marketing purposes if the data subject objects to such processing. |
| Keeping tax records | Article 6(1)(c) of the GDPR in conjunction with Article 86 §1 of the Tax Ordinance Act of 17 January 2017 (Journal of Laws 2017, item 201, as amended) – processing is necessary for compliance with a legal obligation to which the Administrators are subject. | Data is stored for the period required by law, which obliges the Administrators to keep tax records (until the expiry of the tax liability limitation period, unless tax laws provide otherwise). |
| Marketing | Article 6(1)(a) of the GDPR (consent) – the data subject has given consent to the processing of their personal data for marketing purposes by the Administrator. | Data is stored until the data subject withdraws their consent to further processing for this purpose. |
| Establishment, exercise, or defense of legal claims by or against the Administrators | Article 6(1)(f) of the GDPR (legitimate interest) – processing is necessary for the purposes of the legitimate interests pursued by the Administrators, consisting in establishing, exercising, or defending legal claims. | Data is stored for as long as the legitimate interest of the Administrators exists, but no longer than the limitation period for claims under applicable law. The limitation period is defined by law, particularly the Civil Code (the basic limitation period for claims that may be raised against the Administrators is six years). |
| Use of the Website and ensuring its proper functioning | Article 6(1)(f) of the GDPR (legitimate interest) – processing is necessary for the purposes of the legitimate interests pursued by the Administrators, consisting in maintaining and operating the Website. | Data is stored for as long as the legitimate interest of the Administrators exists, but no longer than the limitation period for claims related to the Administrators’ business activities (typically three years under the Civil Code). |
| Statistics and analysis of Website traffic | Article 6(1)(f) of the GDPR (legitimate interest) – processing is necessary for the purposes of the legitimate interests pursued by the Administrators, consisting in compiling statistics and analyzing Website traffic to improve its functionality. | Data is stored for as long as the legitimate interest of the Administrators exists, but no longer than the limitation period for claims related to the Administrators’ business activities (typically three years under the Civil Code). |
For the proper functioning of the Website, it is necessary for the Administrators to use the services of external entities (such as software providers). The Administrators use only those processors that provide sufficient guarantees of implementing appropriate technical and organizational measures so that the processing meets the requirements of the GDPR and protects the rights of data subjects.
Personal data may be transferred by the Administrators to a third country; however, the Administrators ensure that, in such cases, the transfer will be made only to countries providing an adequate level of data protection in accordance with the GDPR, or, in the case of other countries, on the basis of standard contractual clauses. The Administrators ensure that the data subject has the right to obtain a copy of their data. The Administrators transfer collected personal data only when and to the extent necessary to achieve a specific purpose of data processing in accordance with this Privacy Policy.
The transfer of data by the Administrators does not occur in every case and not to all recipients or categories of recipients indicated in this Privacy Policy — data is shared only when necessary for the specific purpose of processing and only to the extent required to achieve that purpose.
Personal data of Website users may be transferred to the following recipients or categories of recipients:
Service providers supplying the Administrators with technical, IT, and organizational solutions that enable them to conduct business operations, including the operation of the Website and electronic services (in particular, providers of website management software, email and hosting providers, software for business management, and technical support providers). The Administrators share collected personal data of users with a selected provider acting on their behalf only when and to the extent necessary for the specific purpose of processing, in accordance with this Privacy Policy.
Providers of social media plugins, scripts, and similar tools embedded on the Website that allow the visitor’s browser to download content from those providers and transmit personal data of the visitor to them, including:
Meta Platforms Ireland Ltd. – The Administrators may use Facebook and Instagram plugins on the Website and, in connection with this, may collect and share personal data of users with Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) to the extent and in accordance with the privacy policies available here:
Facebook: https://www.facebook.com/about/privacy/
Instagram: https://help.instagram.com/519522125107875/?helpref=hc_fnav
(This data includes information about user activity on the Website — including device information, visited sites, viewed advertisements, and usage patterns — regardless of whether the user has an account or is logged in to Facebook or Instagram.)
TikTok Technology Limited – The Administrators use TikTok social media plugins on the Website and, in connection with this, may collect and share personal data of users with TikTok Technology Limited (10 Earlsfort Terrace, Dublin, D02 T380, Ireland) to the extent and in accordance with the privacy policy available here:
https://www.tiktok.com/legal/privacy-policy?lang=pl
(This data includes information about activity on the Website — such as device details, visited sites, purchases, viewed ads, and usage patterns — regardless of whether the user has a TikTok account or is logged in to TikTok.)
The GDPR imposes an obligation on the Administrators to inform about automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the GDPR, and — at least in such cases — to provide meaningful information about the logic involved, as well as the significance and expected consequences of such processing for the data subject. With this in mind, the Administrators provide the following information regarding potential profiling.
The Administrators may use profiling on the Website for direct marketing purposes, but decisions made on the basis of such profiling do not concern the conclusion or refusal of a contract, nor the possibility of using electronic services on the Website. Despite profiling, the individual always freely decides whether they wish to take advantage of a discount or offer received in this way.
Profiling on the Website may consist of automated analysis or prediction of a person’s behavior on the Website — for example, by analyzing their previous activity history. The condition for such profiling is that the Administrators possess the individual’s personal data, which enables them to subsequently send, for instance, a discount code or a special offer.
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
Right of access, rectification, restriction, erasure, or data portability – the data subject has the right to request from the Administrators access to their personal data, rectification, erasure (“the right to be forgotten”), or restriction of processing. The data subject also has the right to object to the processing of their data and the right to data portability. Detailed conditions for exercising these rights are set out in Articles 15–21 of the GDPR.
Right to withdraw consent at any time – if data is processed by the Administrators based on the data subject’s consent (under Article 6(1)(a) or Article 9(2)(a) of the GDPR), the data subject has the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Right to lodge a complaint with a supervisory authority – the data subject whose data is processed by the Administrators has the right to lodge a complaint with a supervisory authority in the manner and according to the procedure set out in the GDPR and Polish law, in particular the Personal Data Protection Act. In Poland, the supervisory authority is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych).
Right to object – the data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of their personal data based on Article 6(1)(e) (public interest or official authority) or Article 6(1)(f) (legitimate interests of the controller), including profiling based on those provisions. In such a case, the Administrators may no longer process the data unless they demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.
Right to object to direct marketing – if personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing, including profiling, insofar as it is related to such direct marketing.
To exercise any of the rights mentioned in this section of the Privacy Policy, the data subject may contact the Administrators by sending a written or electronic message to the contact details provided at the beginning of this Privacy Policy.
COOKIES AND ANALYTICS ON THE WEBSITE
Cookies are small text files sent by a web server and stored on the visitor’s device (e.g. computer hard drive, laptop, or smartphone memory card – depending on the device used to visit the Website). Detailed information about Cookies and their history can be found, among others, here: https://en.wikipedia.org/wiki/HTTP_cookie.
Cookies sent by the Website can be classified according to the following criteria:
By provider: first-party cookies (created by the Administrators’ Website) and third-party cookies (belonging to entities other than the Administrators);
By storage duration: session cookies (stored until the Website is left or the browser is closed) and persistent cookies (stored for a defined period or until manually deleted);
By purpose:
necessary cookies – enable proper functioning of the Website,
functional/preference cookies – allow the Website to be tailored to user preferences,
analytical/performance cookies – collect information on how the Website is used,
marketing/advertising/social cookies – gather information about visitors to display personalized ads, measure effectiveness, and conduct marketing activities, including on third-party websites such as social media platforms.
The Administrators may process data contained in Cookies during a user’s interaction with the Website for the following specific purposes:
| Purpose of Cookie use | Type of Cookies used |
|---|---|
| Remembering data entered in forms | Necessary and/or functional cookies |
| Customizing Website content to user preferences (e.g. colors, font size, layout) and optimizing usability | Functional/preference cookies |
| Conducting anonymous statistics to analyze how the Website is used | Analytical/performance cookies |
Checking active Cookies in popular browsers:
Chrome: Click the lock icon next to the address bar → “Cookies.”
Firefox: Click the shield icon → “Allowed” or “Blocked” → view “Cross-site tracking cookies,” “Social media trackers,” etc.
Internet Explorer: Tools → Internet Options → General → Settings → “View files.”
Opera: Click the lock icon → “Cookies.”
Safari: Preferences → Privacy → “Manage Website Data.”
Alternatively, use tools like https://www.cookiemetrix.com/ or https://www.cookie-checker.com/.
By default, most browsers allow Cookies to be saved. Users can modify Cookie settings at any time – for example, limit or completely disable Cookie storage (though this may affect certain Website functionalities).
Browser settings regarding Cookies are important for consent – according to the law, consent to use Cookies may also be expressed through browser configuration. Detailed instructions for managing or deleting Cookies can be found in browser help sections or via these links:
Chrome
Firefox
Internet Explorer
Opera
Safari
Microsoft Edge
Analytics
The Administrators may use Google Analytics, a service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), to collect statistical and analytical data about Website traffic. Data processed under this service helps generate aggregated statistics for Website administration and performance analysis.
The collected data may include:
traffic sources and user acquisition channels,
behavior on the Website,
device and browser information,
IP address and domain,
geographic location,
demographic data (age, gender), and interests.
Users can easily block sharing their activity with Google Analytics by installing the browser add-on provided by Google:
https://tools.google.com/dlpage/gaoptout?hl=en.
Given the possible use of Google’s advertising and analytics services on the Website, the Administrators inform that the full details on how Google Ireland Ltd. processes visitors’ data (including Cookies) are available in Google’s Privacy Policy:
https://policies.google.com/technologies/partner-sites.
