Privacy policy
The following policy (“Privacy Policy“) has been prepared by Colorful Work spółka z ograniczoną
odpowiedzialnością with its registered office in Warsaw and is addressed to natural persons whose personal data
is processed in connection with business, promotional and marketing activities conducted by the Controller as
well as due to the use by such persons of the website www.colorfulwork.pl (“Website“).
The Controller processes personal data in accordance with the provisions of generally applicable law, including
in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the
protection of individuals with regard to the processing of personal data and on the free movement of such data
and the repeal of Directive 95/46/EC (General Data Protection Regulation) (GDPR) and the Act of May 10,
2018, on the protection of personal data.
Personal data controller
The Controller of personal data is Colorful Work spółka z ograniczoną odpowiedzialnością with its registered
office in Warsaw (00-517 Warsaw), at 80 Marszałkowska Street, entered into the Register of Entrepreneurs of
the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, 12th
Commercial Division of the National Court Register under KRS number: 0000820605, NIP: 7010490713,
REGON: 361776784 (Controller). The Controller can be contacted by traditional mail or by sending an e-mail
to the e-mail address indicated below.
Colorful Work spółka z ograniczoną odpowiedzialnością
80 Marszałkowska Street
00-517 Warsaw
biuro@colorfulwork.pl
The basis and purpose of personal data processing
Personal data is processed:
- in order to enable the Controller to contact the user via the Website and contact forms, as well as in
connection with the transfer of contact data in a different way, including by e-mail correspondence; - in order to perform the contract;
- in order to comply with legal obligations to which the Controller is subject in connection with the
performance of the contract; - in order to carry out direct marketing of services provided by the Controller;
- in order to pursue the Controller 's legitimate interest in establishment, exercise claims or Controller 's
rights or defending against such claims (legitimate legal interest); - to ensure the smooth functioning of the Website and to adapt it to the needs of users.
The Controller legitimate interest includes the establishment and exercise of claims or the Controller rights, defence against such claims, as well as direct marketing of services provided by the Controller and the provision of services and communication with the client.
The Controller obtains personal data directly from the user via the Website, through the functionalities and
communication tools available on it, and sending messages to the Controller through them.
The type of personal data processed
The Controller may process personal data: name and surname, e-mail address, telephone number, message
content and message subject.
Sharing personal data with third parties
Personal data is made available to the following recipients or categories of data recipients:
- service providers providing services on behalf of or for the Controller;
- if such an obligation results from mandatory provisions of law.
Transfer of personal data to third countries
The Controller does not transfer personal data to recipients located in third countries.
Personal data processing time
Personal data is processed for the time necessary for the purposes for which they were collected, unless longer
processing, including the storage of personal data, is necessary to comply with applicable law.
Rights of persons whose personal data is processed
- Access to personal data. At any time, the person whose data is processed by the Controller may exercise
the right to access their data. - Correction and completion of data. The person whose data is processed by the Controller has the right
to request the Controller to immediately rectify their personal data that is incorrect, as well as to request
completion of incomplete personal data. - Right to erasure. The person whose data is processed by the Controller has the right to request the
Controller to immediately delete his personal data. Personal data will be deleted in the following cases: - when personal data are no longer necessary in relation to the purposes for which they were
collected or otherwise processed; - when the data subject has withdrawn the consent on which the processing is based and there is
no other legal ground for the processing; - when an objection to data processing has been raised, if the Controller processes this data in a
legitimate interest and there are no overriding legitimate grounds for processing this data; - when personal data have been unlawfully processed;
- when personal data have to be erased for compliance with a legal obligation in European
Union law or Polish law; - when personal data have been collected in relation to the offer of information society services
within the meaning of the GDPR.
However, the Controller will not be able to delete personal data to the extent that their processing will
be necessary: (i) to exercise the right of freedom of expression and information, (ii) to comply with a
legal obligation requiring processing under the European Union law or Polish law, (iii) to establish,
exercise or defend claims.
The right to restrict data processing. The person whose data is processed by the Controller has the right
to request the Controller to restrict the processing of personal data.Right to object. The person whose data is processed by the Controller has the right to object to the
processing of his personal data in the event that the Controller processes this data in a legitimate
interest. The Controller may not accept the objection if the Controller demonstrates compelling
legitimate grounds for the processing which override the interests, rights and freedoms of the data
subject or for the establishment, exercise or defence of claims.Right to withdraw consent. If the processing of personal data is based on the consent of the data subject,
the data subject has the right to withdraw consent at any time. Withdrawal of consent shall not affect the
lawfulness of processing based on consent before its withdrawal.Right to data portability. To the extent that personal data is processed for the purpose of concluding and
performing a contract or processed on the basis of consent and data processing is carried out by
automated means – the data subject has the right to receive the personal data concerning him or her from
the Controller in a structured, commonly used and machine-readable format. Such data may also be
transmitted at the request of the data subject to another Controller.Right to complain. The data subject has the right to lodge a complaint against the processing of personal
data by the Controller to the supervisory body, which in Poland is the President of the Personal Data
Protection Office.
Processing of special categories of data
The Controller does not process data considered to be particularly protected in accordance with data protection
regulations.
Voluntariness of providing personal data
Providing personal data to the Controller is voluntary. However, the refusal to provide personal data will prevent
the conclusion of the contract and the establishment of contact with the Controller and may also affect the scope
of services that the Controller will be authorized to provide to the person who refused to provide such data.
Automated decision making
The Controller does not make automated decision-making.
Cookies
The Website uses cookies, i.e. IT data that are saved on the user devices when using websites and then stored in
the memory of such devices. Cookies are used by the Controller to ensure optimal service of the user's visit to
the Website and enable faster and easier access to information, as well as to offer the user increasingly improved
functionalities of the Website and content more tailored to the user.
The stored information or accessing it does not change the configuration of the user's device and the software
installed on it.
Cookies are used to:
- adapting the content of the Website to the user's preferences and optimizing the use of websites, in
particular, these files allow to recognize the device of the Website user and properly display the
website, adapted to his individual needs; - creating statistics that help to understand how Website users use websites, which allows improvement
of their structure and content.
The Website uses two basic types of cookies: - session cookies, i.e. temporary files that remain on the user device until the user leaves the Website or
turns off the web browser. In this case, the information stored in session cookies is automatically
deleted; - persistent cookies, i.e. files that remain on the user's device for the period specified in the cookie file
parameters or until they are manually deleted.
The individual categories of cookies used on the Website are described below:
- essential cookies, enabling the use of services available on the Website, e.g. authentication cookies used
for services requiring authentication on the Website; - cookies used to ensure security, e.g. used to detect abuses in the field of authentication within the
Website; - performance cookies, enabling the collection of information on how the Website's pages are used;
- functional cookies, enabling remembering the settings selected by the user and personalizing the user
interface, e.g. with regard to the selected language or region from which the user comes, font size,
website appearance etc.; - advertising cookies, enabling the provision of advertising content to users more tailored to their interests.
Cookies are installed automatically. At any time, each user may change the settings regarding the cookies
mechanism, i.e. change the conditions for remembering, storing and accessing information collected using
cookies, including disabling the cookies mechanism or limiting the possibility of their transmission. Detailed
information on the possibilities and ways of handling cookies are available in the web browser settings.
Restrictions on the use of cookies may affect some of the functionalities available on the Website.
Website administrator
The entity placing cookies on the Website user's end device and accessing them is the Website administrator, i.e.
Colorful Work spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw (00-517 Warsaw),
at 80 Marszałkowska Street, entered into the Register of Entrepreneurs of the National Court Register kept by
the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court
Register under KRS number: 0000820605, NIP: 7010490713, REGON: 361776784 (Controller).
Data collected
The Controller collects information on the interaction of users with the Website, i.e. date, time of visit, activities
undertaken on the Website, as well as the type and IP number of the device.
Information collected via cookies is used only for technical purposes, in particular, to manage the Website,
identify and solve problems related to the operation of servers, analyse possible security breaches, as well as for
statistical purposes (anonymously).
Changes to the Privacy Policy
This Privacy Policy may be changed in particular if the need or obligation to introduce such changes results from
changes in the relevant provisions of law, including changes in data recipients.
Persons whose data is processed in accordance with this Privacy Policy will be notified of its changes in
advance.