1. General Information

This policy applies to the website operating under the URL: justynabroda.pl.
The website operator and data controller is Justyna Broda Kosmetolog, NIP: 6783020498.
Contact email address: kontakt@justynabroda.pl.

The Operator is the Data Controller for personal data provided voluntarily via the website.

The website uses personal data for the following purposes:

• Managing the comments system,
• Handling inquiries through forms,
• Fulfilling ordered services,
• Presenting offers or information.

The website collects information about users and their behavior in the following ways:
– Through data voluntarily entered in forms, which is processed in the Operator’s systems,
– By storing cookies on end-user devices.

2. Selected Data Protection Methods Used by the Operator

• Login areas and personal data entry are protected at the transmission layer (SSL certificate), ensuring encryption of data entered on the website.
• User passwords are stored in a hashed format, which is a one-way process and cannot be reversed, following modern standards for password storage.
• Two-factor authentication is used to enhance the security of logins.
• Administrative passwords are periodically changed.
• Regular backups are performed to protect data.
• The Operator keeps all software used for processing personal data up to date, including regular updates of programming components.

3. Hosting

The website is hosted on servers operated by LH.pl (LightHosting).

The hosting provider maintains server-level logs to ensure technical reliability. These logs may include:

• Resources identified by URLs (requested pages or files),
• Time of the request,
• Time of the response,
• Client station name (determined via HTTP protocol),
• Errors encountered during HTTP transactions,
• Referer URL (previously visited page if the user accessed the site via a link),
• Browser information,
• IP address,
• Diagnostic information related to self-ordered services through the website,
• Email correspondence with or from the Operator.

4. Your Rights and Additional Information on Data Usage

In some cases, the Administrator may transfer your personal data to other recipients if it is necessary to execute a contract with you or to fulfill the Administrator’s legal obligations. This includes:

• Hosting providers under an outsourcing agreement,
• Authorized employees and collaborators,
• Companies providing marketing services for the Administrator.

Your personal data will be processed for no longer than necessary for the purposes specified in applicable regulations (e.g., accounting laws). For marketing data, processing will not exceed 3 years.

You have the right to request the following from the Administrator:

• Access to your personal data,
• Rectification,
• Erasure,
• Restriction of processing,
• Data portability.

You may object to the processing of your personal data for legitimate interests pursued by the Administrator, including profiling, unless there are compelling legal grounds for the processing.

You can lodge a complaint with the President of the Personal Data Protection Office (PUODO), ul. Stawki 2, 00-193 Warsaw, Poland.

Providing personal data is voluntary but necessary to use the website’s services. Automated decision-making, including profiling, may be applied for service delivery and direct marketing.

Personal data is not transferred outside the EU.

5. Information in Forms

• Data entered in forms is provided voluntarily and may include personal data.
• The website may save connection parameters (timestamp, IP address).
• In some cases, data in forms may be linked to the user’s email address.
• Data is processed for purposes indicated by the specific form, e.g., service requests or contact inquiries.

6. Administrator Logs

User behavior on the website may be logged for administrative purposes.

7. Important Marketing Techniques

• Google Analytics: Statistical analysis of website traffic is performed using Google Analytics, which uses cookies. No personal data is shared with Google.
• Facebook Pixel: Facebook (Meta Inc.) technology tracks user behavior if they are registered on Facebook. No additional personal data is shared by the Operator.

8. Cookie Information

The website uses cookies, which are text files stored on the user’s device. Cookies are used for purposes such as:

• Maintaining user sessions,
• Supporting marketing techniques mentioned earlier.

The website uses both session cookies (temporary) and persistent cookies. Users can manage cookies via their browser settings.

9. Managing Cookies – Expressing and Withdrawing Consent

Users can adjust browser settings to manage cookie preferences. Instructions for popular browsers include:

1. 1. Edge
   2. Internet Explorer
   3. Chrome
   4. Safari
   5. Firefox
   6. Opera

   For mobile devices:

   1. Android
   2. Safari (iOS)
   3. Windows Phone