The rules for the processing of personal data in connection with the use of the Website

In order to ensure the safety of Users and to explain the need, necessity and manner of processing and protection of personal data as well as other information regarding Users, the Website introduces a privacy policy (hereinafter: "Privacy Policy") with the following content:

§ 1

General provisions

1. All terms written with a capital letter and not defined otherwise have the meaning given to them in the content of the Regulations for the use of the Zalamo.com Website by the Clients.
2. The Controller of personal data processed on the Website to provide Controller’s Services are Richard Lucas and Andrzej Błaszczyk – co - founders of the Zalamo R. Lucas, A. Błaszczyk s.c., Tadeusza Romanowicza St. 4, zip-code 30-702 Kraków, NIP 6793121479, REGON 363532030.
3. The Controller makes an effort to maintain the confidentiality and privacy of entrusted data. This Privacy Policy formulates current policies and policies regarding the protection and processing of personal data received directly from the Users or indirectly, to the extent that they are protected by applicable law on the territory of the Republic of Poland.
4. For the purposes of the Privacy Policy, "Personal Data" is understood to mean all information about an identified or identifiable - directly or indirectly - a natural person, in particular based on data such as: name and surname, identification number, location data, internet identifier or one or several specific factors defining the physical, physiological, genetic, economic, cultural or social identity of a natural person.
5. For the purposes of the Privacy Policy, the "User" is understood to mean Photographers, Clients and / or third parties who, although they are not registered on the Website, in cases specified in the Regulations of use of the services of the Zalamo.com Website, can be end users of the services offered by the Photographers through the Website.

§ 2

Collection and processing of Personal Data. Security

1. In connection with the provision of Website services, the Controller may collect the following personal data:

1. Users' personal data collected in order to register an Account and process Orders: name, e-mail address, VAT number (pol. NIP) or personal identification number (pol. PESEL), business address and current correspondence address according to the entry in register of economic activity (so called CEIDG) or address of the place of residence (in case of a natural person , which does not conduct business), contact telephone;
2. Additional Personal Data provided by the User in order to perform the Order: name and surname of the Client, image fixed in photo, dates of the session, age, provided information recorded in the photos;
3. User's personal data provided in relation to the task of asking about the Controller's offer (contact form or e-mail address): name and surname, e-mail address, telephone number.

2. We will process all personal data provided to us in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU 2016 L 119, page 1) called GDPR, and in accordance with the other provisions of the applicable law for the following purposes:

1. proper performance of the contract - in this case, we mean maintaining the Account in our Website, enabling the submission of Orders and in some cases mediating in their implementation. For this purpose, we will process data at all times in which you will have an Account with us, and in the case of paid services, also until their complete settlement;
2. if you have given us your consent - we will process your data also for marketing purposes - thanks to this you can receive information about promotions and marketing campaigns carried out by us;
3. fulfilment of obligations resulting from legal regulations - we must store some of your data for purposes resulting from the Accounting Act or tax laws - for this purpose, we will store necessary data related to completed orders for 5 years from the end of the year in which the order was realized and in case of initiating proceedings or controls by the appropriate bodies - until their completion.

3. The data provided in order to perform the contract (setting up the Account and execution of the Orders) are transferred voluntarily, however, the failure of transfer prevents the conclusion and proper performance of the contract (registration on the Website and placing orders).
4. We may transfer personal data to other recipient, in particular the following once: entities providing services to the Controller, in particular in the field of accounting and bookkeeping, IT services, providing promotion and marketing services, laboratories, employees of the Controller within the authorization to process personal data in a specified purpose and within a specific processing activity.
5. Users' personal data will be kept for the entire duration of the contract (having an Account on the Website), and after its termination or expiration to the extent it is necessary for the performance of the legal obligations upon the Controller.
6. The data referred to in par. 1 letter a) will be stored only for the purpose of the contract and until the Agreement expires or is terminated (deleting the Account from the Website), and until the claims related to the performance of the Contract are time-barred.
7. The data provided only for the purpose of contact (via the form placed on the Website or by sending an e-mail) will be stored only for the purpose of answering the query and for archiving for a period of 6 months from the date of the inquiry.
8. Due to the justified legal interest of the Controller, the data provided to us may be processed for direct marketing purposes for the duration of the Agreement, and after its termination or expiration - with your consent referred to in paragraph. 1 lit. b) until its revocation, but no longer than for a period of two years from the termination or expiration of the Agreement.
9. If you provided us with your data for purposes other than direct marketing, the data provided to us will be processed for this purpose with your consent until the moment of its cancellation, but not longer than for two years from the termination or expiration of the Agreement.
10. At any time, you can withdraw your consent to use your data such as phone or e-mail address for marketing purposes - all you need to do is log in to your account and click the appropriate box. You can also do it via email or by sending us a chat request inside the application.
11. At any time you have the right to access your data and correct and rectify it, and - to the extent resulting from the provisions - to remove it (right to be forgotten), limit processing, object to their processing, you also have the right to request a transfer your data to another Controller. You also have the right to lodge a complaint with the supervisory body competent for processing - from 25 May 2018, the President of the Office for the Protection of Personal Data.  
12. The Controller undertakes to:

1. to take all reasonable steps to ensure that Personal Data that is incorrect in view of the purposes of its processing are immediately removed or corrected;
2. storing Personal Data in a form that permits the identification of the data subject for no longer than is necessary for the purposes for which the data is processed; unless they are processed solely for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes;
3. processing of Personal Data in a manner ensuring adequate security, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical and organizational measures.

13. The Controller processes Personal Data and Confidential Information in the manner referred to in par. 11 letter c) above, in particular through:

1. application of technical and organizational measures to ensure protection of Personal Data processed in relation to threats and categories of data subject to protection; 
2. protecting Personal Data from making it available to unauthorized person, being taken by unauthorized person, processing in violation of the provisions of law and from change, loss, damage or destruction;
3. keeping documentation describing the processing of Personal Data and security measures referred to above;
4. admission to processing of Personal Data only to persons having appropriate authorization;
5. providing control over what Personal Data, when and by whom were entered into the set and to whom they are transferred;
6. keeping records of persons authorized to process Personal Data.

14. Personal Data and Confidential Information are processed and used also in the legally justified interest of the Controller, that is to:

1. make market research and statistical surveys conducted for the needs of the Website;
2. administering the Website, improving its functionality and improving the quality of provided services;
3. contacting Users in matters related to the account, troubleshooting, resolving disputes, recovering debts and taking other actions related to the operation of the User through available channels of communication;
4. enforcing compliance with the Client's Regulations and Photographer's Regulations and combating fraud and abuse;
5. improve the security of processing Personal Data;

- whereas processing for these purposes takes place only in the period in which Personal Data is also processed in one of the purposes indicated in par. 1.

§ 5

Collection of anonymous data

1. The Controller does not record any private data of Users made available or transmitted in connection with the use of the Website.
2. During the use of the Website, only technical information such as the type of web browser, operating system, number and dates of User's visits and the history of activity on the Website are automatically registered. The indicated data may be used only for statistical purposes related to the functioning of the Website.
3. Some areas of the Website may use cookies, i.e. text files stored on the user's device, identifying it in a manner necessary to enable some Website functions. The indicated files do not collect or process any Users' Personal Data.
4. In most known browsers, it is possible to restrict or block the use of cookies, however, in some cases this may result in limiting the functionality of the sites.
5. Detailed rules for the operation of cookies are regulated by the Cookie Policy, available here .

§ 6

Changes and updating of Personal Data

1. The User may at any time request changing, updating or deleting his Personal Data by sending relevant information using the online chat posted on the Website.
2. The User may at any time obtain information from the Controller about the Personal Data processed by him and use all control rights in accordance with the generally applicable laws in this area.

§ 7

Comments and questions

Questions, comments or complaints regarding the Privacy Policy, Personal Data or any part of the Website should be directed to support@zalamo.com.

§ 8

Final Provisions

1. This Privacy Policy shall enter into force on May 24, 2018.
2. The Controller may change the Privacy Policy if it is necessary in order to improve the quality of the Services offered, adjust its provisions to new or changed Website functionalities and if it is required by generally applicable laws. Provisions regarding amendments to the Regulations shall apply accordingly.
3. In matters not covered by the Privacy Policy, the provisions of the Civil Code and the GDPR shall apply.