1. Data Controller
The data controller responsible for your personal data is Lohonu Xecame, with its registered address at Hutnicza 3, Lublin, Poland. You can contact us regarding data protection matters at [email protected] or by telephone at +48 535 000 641.
This Privacy Policy governs the processing of personal data by Lohonu Xecame in connection with your use of the website located at lohonu-xecame.info and any services described therein. It has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the General Data Protection Regulation, or GDPR), as well as the Polish Act of 10 May 2018 on the Protection of Personal Data (Ustawa o ochronie danych osobowych, Dz.U. 2018 poz. 1000) and the Polish Act of 18 July 2002 on the Provision of Electronic Services (Ustawa o swiadczeniu uslug droga elektroniczna).
2. Data We Collect
We collect personal data only where necessary for the purposes described in this policy. The categories of data we may process include:
Data you provide directly: When you use our contact form, you may provide your name, email address, telephone number, and the content of your message. You are not required to provide all fields, though some are necessary for us to respond to your enquiry.
Data collected automatically: When you visit our website, our web server and analytics tools may collect technical information such as your IP address, browser type, operating system, referring URL, pages visited, and the time and date of your visit. This data is collected through cookies and similar technologies, as described in our Cookie Policy.
Data from third-party services: We may receive aggregated and anonymised data from analytics providers. We do not purchase personal data from third parties or combine third-party data with data you have provided directly to us.
3. Legal Basis for Processing
Under Article 6 of the GDPR, we process your personal data on the following legal bases:
Article 6(1)(a) - Consent: Where you have given us specific, informed, and unambiguous consent to process your data, such as when accepting non-essential cookies or subscribing to communications.
Article 6(1)(b) - Contractual necessity: Where processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering a contract, such as responding to an enquiry about course access.
Article 6(1)(c) - Legal obligation: Where processing is necessary for compliance with a legal obligation to which Lohonu Xecame is subject under applicable Polish or European Union law.
Article 6(1)(f) - Legitimate interests: Where processing is necessary for the purposes of legitimate interests pursued by us or a third party, provided these are not overridden by your fundamental rights and freedoms. Our legitimate interests include operating and improving our website, preventing fraud, and ensuring information security.
4. How We Use Your Data
Personal data collected through this website is used for the following purposes:
To respond to enquiries submitted via the contact form and to communicate with you about the course or services you have expressed interest in. To operate and maintain the website, including diagnosing technical issues and ensuring security. To analyse aggregated usage patterns in order to improve the website's structure and content. To comply with applicable legal and regulatory requirements. To send informational communications where you have consented to receive them.
We do not use your personal data for automated decision-making or profiling as defined under Article 22 of the GDPR. We do not use your data for direct marketing without your prior consent.
5. Data Retention
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law.
Contact enquiries and related correspondence are retained for a period of up to 24 months from the date of last contact, after which they are securely deleted unless a longer retention period is required by law. Website usage data collected via analytics tools is retained in aggregated, anonymised form and is not linked to identifiable individuals after 14 months. Data processed on the basis of your consent is retained until you withdraw that consent, at which point it will be deleted without undue delay.
6. Sharing of Data
Lohonu Xecame does not sell, rent, or trade your personal data to any third party. We may share your data with the following categories of recipients where necessary:
Service providers: We engage carefully selected third-party service providers who process data on our behalf under data processing agreements that comply with Article 28 of the GDPR. These include hosting providers, email service providers, and analytics platforms. All such providers are required to implement appropriate technical and organisational measures to protect your data.
Legal authorities: We may disclose personal data to competent authorities, courts, or law enforcement bodies where required to do so by applicable law, a court order, or regulatory requirement. Where legally permissible, we will inform you of such disclosure.
Business transfers: In the event of a merger, acquisition, or sale of all or part of our business, personal data may be transferred to the acquiring entity as part of that transaction. You will be notified of any such change and your rights under this policy will be maintained.
7. International Transfers
Where we transfer personal data to countries outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place as required by Chapter V of the GDPR. Such safeguards may include Standard Contractual Clauses approved by the European Commission, adequacy decisions issued by the European Commission in respect of the destination country, or other legally recognised transfer mechanisms.
You may request information about the specific safeguards in place for any international transfer by contacting us at the address provided in Section 1.
8. Your Rights
Under the GDPR and applicable Polish data protection law, you have the following rights with respect to your personal data:
Right of access (Article 15): You may request a copy of the personal data we hold about you and information about how it is processed.
Right to rectification (Article 16): You may request correction of inaccurate or incomplete personal data.
Right to erasure (Article 17): You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent, or where processing is unlawful.
Right to restriction (Article 18): You may request that we restrict processing of your data in certain circumstances.
Right to data portability (Article 20): Where processing is based on consent or contract and carried out by automated means, you may request a copy of your data in a structured, commonly used, machine-readable format.
Right to object (Article 21): You may object to processing based on legitimate interests at any time. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.
To exercise any of these rights, contact us at [email protected]. We will respond within one calendar month as required by Article 12 of the GDPR.
9. Cookies
This website uses cookies and similar technologies. A cookie is a small text file stored on your device when you visit a website. We use cookies to ensure the website functions correctly, to remember your preferences, and, where you have consented, to analyse how the site is used.
You can manage your cookie preferences at any time using the cookie consent tool available on this website. You can also configure your browser to block or delete cookies, though this may affect your ability to use certain features of the site. Full details of the cookies we use and the purposes for which they are used are set out in our Cookie Policy.
10. Children's Privacy
This website and the course it describes are intended for adults. We do not knowingly collect personal data from individuals under the age of 16. If you believe that a person under 16 has submitted personal data to us, please contact us immediately at [email protected] and we will take steps to delete that data promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or the services we provide. Any changes will be published on this page with an updated "Last Updated" date. Where changes are material, we will take reasonable steps to bring them to your attention. We encourage you to review this policy periodically.
12. Contact the DPA
If you believe that your personal data has been processed in a manner that does not comply with applicable data protection law, you have the right to lodge a complaint with the supervisory authority. In Poland, the competent supervisory authority is the President of the Office for Personal Data Protection (Prezes Urzedu Ochrony Danych Osobowych, UODO), located at ul. Stawki 2, 00-193 Warsaw. Further information is available at uodo.gov.pl.
We would, however, welcome the opportunity to address any concerns directly before you approach the supervisory authority. Please contact us first at [email protected].