PRIVACY POLICY

I. Privacy Policy of the website totuszkola.pl

  1. General Information: This document is the privacy policy adopted by Ada Kunze ToTu Language School and concerns the rules for processing personal data collected from clients of the Website via the website: www.totuszkola.pl and civil law contracts.

  2. The Privacy Policy document fulfills the informational obligation arising from: Article 13 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.05.2016, p. 1) (hereinafter GDPR). It is also an expression of care for the rights of visitors to the Service located in the company’s domains and using the services offered through it.

  3. Data Controller The controller of personal data collected from the clients of the website is Ada Kunze ToTu Language School, based in Warsaw (02-483) at 24E Ryżowa Street, REGON: 142990290, NIP: 5222785062. Contact: kontakt@totuszkola.pl, phone: 698 866 331.

II. Basis, Purpose, and Scope of Processing – what data we collect, why, and how we process it

  1. The data controller declares that it processes users’ personal data in accordance with: Article 6(1)(b) – i.e., processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract, or Article 6(1)(a) – i.e., based on the consent of the data subject. The data controller processes personal data to fulfill a contract or for a purpose indicated in the consent. The data controller processes data only to the extent necessary for these purposes and for the period necessary to fulfill the contract, or until the consent is withdrawn by the data subject.

  2. The Administrator’s Service located at www.totuszkola.pl voluntarily collects the following personal data from users: name, surname, address, email address, phone number. The legal basis for processing personal data is the legitimate interest of the Data Controller consisting of actions aimed at concluding a language teaching contract (contact with the client) and building positive relationships with clients. Data collected through the contact form is gathered to: send responses to received inquiries and requests, manage and fulfill obligations arising from contracts that bind the Data Controller with the Service guest, anticipate and resolve difficulties related to the products and services provided to the user of the site. The Service guest may also voluntarily consent to the use of provided data, i.e., email address, for the purpose of individual marketing by the Data Controller.

III. Who has access to data collected via the Service

  1. Personal data collected via the Service is not shared with third parties, except in cases where such sharing results from applicable laws obligating the Data Controller to transfer them to authorized entities.

  2. The Administrator collects service logs but does not associate them in any way with personal data. Based on log files, statistics may be generated to assist in administering the service. Aggregated summaries in the form of such statistics do not contain any features identifying individuals visiting the Service.

IV. User Rights. Right to Access Data

In accordance with Articles 15-22 of the GDPR, every user has the following rights:

  1. Right of access (Article 15 GDPR). The data subject is entitled to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data.

  2. Right to rectification (Article 16 GDPR). The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.

  3. Right to erasure (“right to be forgotten”) (Article 17 GDPR). The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay.

  4. Right to restriction of processing (Article 18 GDPR). The data subject has the right to obtain from the controller restriction of processing where: a) the data are inaccurate – for a period enabling the controller to verify the accuracy of the personal data; b) the data subject has objected to processing pursuant to Article 21(1) pending the verification of whether the legitimate grounds of the controller override those of the data subject; c) the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.

  5. Right to data portability (Article 19 GDPR).

  6. Right to object. If personal data are processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

  7. The user can exercise their rights by sending a request to kontakt@totuszkola.pl: a) The request should be sent from the email address used for registration on the website to ensure proper identification. b) The request can also be submitted by sending a registered letter containing the request to the correspondence address of the company operated by the Data Controller.

  8. In accordance with the law, the Administrator will respond to the request within one month. If the Administrator does not take action, they will inform the requesting person.

  9. There is a right to lodge a complaint with a Supervisory Authority regarding the Administrator’s actions.

V. Protection of minors’ privacy

  1. Clients of the School can only be adults, but the School does not collect or verify information about clients’ ages.

  2. The School Administrator is not responsible for the registration of minors in the Store or their actions. Legal responsibility for such actions lies solely with their legal guardians.

VI. Security Measures

  1. The Service is equipped with security measures to protect personal data under the Administrator’s control from loss, misuse, and alteration. The Administrator also has appropriate documentation and has implemented procedures related to data protection within the company.

  2. The Administrator ensures that all disclosed information is protected in accordance with applicable laws and security standards, particularly: a) Access to personal data collected by the Data Controller is restricted to authorized employees or associates of the Data Controller and authorized persons servicing the Service who have been granted appropriate authorizations under Article 29 of the GDPR. b) The Administrator declares that when outsourcing services to other entities, they require partners to ensure high standards of data protection, sign appropriate processing agreements, and reserve the right to audit compliance with these standards. c) To ensure proper protection of services provided electronically, the Service Administrator uses high-security measures, including cryptographic protection of data transmission (SSL protocol). d) Due to the public nature of the Internet, using services provided electronically may involve risks, regardless of the Administrator’s due diligence.

VII. Cookies Mechanism. Links to other websites

  1. Some areas and functionalities of the Service may use cookies, which are text files saved on the visitor’s computer, identifying them as necessary for certain operations. Cookies are used, among other things, to remember data necessary for user login. The condition for cookies to work is their acceptance by the browser and not deleting them from the disk.

VIII. Cookies

  1. The site uses “session” cookies (saved until leaving the site, closing the browser) and permanent cookies (saved on the computer for a specified period).

  2. Site users can change their settings regarding cookies. The web browser allows the removal and blocking of cookies. Detailed information is contained in the help or documentation of the web browser.

  3. Disabling cookies will most often limit or block some functionalities of the site.

IX. Changes to the Privacy Policy

  1. The Service Administrator reserves the right to change the above privacy policy at any time and place while committing to immediately publish the new privacy policy on the Service’s websites and inform all registered Users.

  2. The Data Controller reserves the right to make changes, withdraw, or modify the functions or features of the Service’s websites, and to perform any legal actions permitted by applicable laws.

X. Contact

  1. If you have any questions or comments regarding this privacy policy or any practices applied at the School, please contact: kontakt@totuszkola.pl.