This Privacy Policy demonstrates our commitment to the rights of visitors to the website and users of the services offered through it. It also fulfills the information obligation arising from Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L119 of 4.05.2016, p. 1) (hereinafter referred to as GDPR).

The website owner attaches particular importance to respecting the privacy of website users. Data obtained through the website is particularly protected and secured against unauthorized access. This Privacy Policy is made available to all interested parties. The website is open to the public.

The website owner ensures that its primary goal is to provide users of the website with privacy protection at a level at least corresponding to the requirements set by applicable law, and in particular by the provisions of the GDPR and by the Act of 18 July 2002 on the provision of electronic services.

The website owner may collect personal data and other types of data. The collection of this data occurs, depending on its nature, automatically or as a result of actions taken by visitors to the website.

Anyone using the website in any way accepts all principles contained in this Privacy Policy. The website owner reserves the right to make changes to this document.

1. General Information, Cookies
   
   1. The owner and operator of the website is Primary School No. 112 of the Family Covenant, named after St. John Paul II, located in Warsaw, address: Marii Grzegorzewskiej 10, 02-778 Warsaw, NIP number: 9511737597, REGON number: . In accordance with GDPR regulations, the website owner is also the Personal Data Administrator for website users (“Administrator”).
   2. In the course of its activities, the Administrator uses cookies to monitor and analyze traffic on the website pages, as well as to undertake remarketing activities. However, within these activities, the Administrator does not process personal data as defined by the GDPR.
   3. The website collects information about website users and their behavior in the following ways:
      1. the website automatically collects information contained in cookies.
      2. through data voluntarily entered by website users in forms available on the website pages.
      3. through automatic collection of web server logs by the hosting operator.
   4. Cookies (so-called “cookies”) are IT data, in particular text files, which are stored on the end device of the website user and are intended for using the website’s web pages. Cookies usually contain the name of the website they come from, their storage time on the end device, and a unique number.
   5. During a visit to the website, data about website users may be automatically collected, concerning the user’s visit to the website and including, among others, IP address, type of web browser, domain name, number of page views, type of operating system, visits, screen resolution, number of screen colors, addresses of websites from which the website was entered, and time spent on the website. This data is not personal data and does not allow for the identification of the person using the website.
   6. The website may contain links to other websites. The website owner is not responsible for the privacy policies applicable on these sites. At the same time, the website owner encourages website users to familiarize themselves with the privacy policy established on those websites. This Privacy Policy does not apply to other websites.
   7. The entity placing cookies on the website user’s end device and accessing them is the website owner.
   8. Cookies are used for the purpose of:
      1. adapting the content of the website pages to the website user’s preferences and optimizing the use of the website pages; in particular, these files allow recognition of the website user’s device and appropriate display of the website, tailored to their individual needs,
      2. creating statistics that help understand how website users use the website pages, which enables improving their structure and content,
      3. maintaining the website user’s session (after logging in), thanks to which they do not have to re-enter their login and password on each subpage of the website.
   9. The following types of cookies are used on the website:
      1. “essential” cookies, enabling the use of services available on the website, e.g., authentication cookies,
      2. cookies used to ensure security, e.g., used to detect abuses,
      3. “performance” cookies, used to collect information about how website users use the website pages,
      4. “advertising” cookies, enabling the delivery of advertising content to website users that is more tailored to their interests,
      5. “functional” cookies, enabling the website to “remember” the settings selected by the website user and adapt the website to the website user, e.g., in terms of the selected language.
   10. The website uses two main types of cookies: “session” cookies and “persistent” cookies. “Session” cookies are temporary files stored on the end device until the website is left, the website user logs out, or the software (web browser) is turned off. “Persistent” cookies are stored on the website user’s end device for a period specified in the cookie parameters or until they are deleted by the website user.
   11. In most cases, software used for browsing websites by default allows the storage of cookies on the website user’s end device. Website users have the option to change cookie settings at any time. These settings can be changed in the web browser (software) options, including in a way that prevents the automatic handling of cookies or forces the website user to be informed each time cookies are placed on their device. Detailed information about the possibilities and methods of handling cookies is available in the web browser settings.
   12. Restrictions on the use of cookies may affect some functionalities available on the website pages.
   13. Cookies placed on the website user’s end device may also be used by advertisers and partners cooperating with the website owner.
2. Processing of personal data, information about forms
   1. Website users’ personal data may be processed by the Administrator:
      1. if the website user gives consent in the forms provided on the website, in order to take actions related to these forms (Art. 6(1)(a) GDPR) or
      2. when processing is necessary for the performance of a contract to which the website user is a party (Art. 6(1)(b) GDPR), in cases where the website allows for the conclusion of a contract between the Administrator and the website user.
   2. The website processes personal data that is voluntarily provided by website users. The Administrator processes website users’ personal data only to the extent necessary for the purposes specified in point 1(a) and (b) above and for the period necessary to achieve these purposes, or until the website user withdraws consent. Failure to provide data by the website user may, in some situations, result in the inability to achieve the purposes for which the provision of data is necessary.
   3. Within the forms available on the website or for the purpose of performing contracts that can be concluded through the website, the following personal data of the website user may be collected: first name, last name, address, email address, phone number, login, password.
   4. Data contained in forms, provided to the Administrator by the website user, may be transferred by the Administrator to third parties cooperating with the Administrator in connection with the achievement of the purposes specified in point 1(a) and (b) above.
   5. Data provided in the forms on the website are processed for purposes resulting from the function of the specific form, and may also be used by the Administrator for archival and statistical purposes. Consent of the data subject is expressed by checking the appropriate box in the form.
   6. The website user, if the website has such functionalities, by checking the appropriate box in the registration form, may refuse or consent to receive commercial information by electronic means of communication, in accordance with the Act of 18 July 2002 on the provision of electronic services (Journal of Laws of 2002, No. 144, item 1024 as amended). If the website user has consented to receive commercial information by electronic means of communication, they have the right to withdraw such consent at any time. The exercise of the right to withdraw consent to receive commercial information is carried out by sending an appropriate request by email to the website owner, along with the website user’s first and last name.
   7. Data provided in the forms may be transferred to entities technically performing certain services – this particularly applies to the transfer of information about the owner of a registered domain to entities that are internet domain operators (in particular, Naukowa i Akademicka Sieć Komputerowa j. b. r. – NASK), payment processing services, or other entities with whom the Administrator cooperates in this regard.
   8. Website users’ personal data is stored in a database where technical and organizational measures ensuring the protection of processed data in accordance with the requirements specified in relevant regulations have been applied.
   9. To prevent re-registration of individuals whose participation in the website has been terminated due to unauthorized use of website services, the Administrator may refuse to delete personal data necessary to block the possibility of re-registration. The legal basis for refusal is Article 19(2)(3) in conjunction with Article 21(1) of the Act of 18 July 2002 on the provision of electronic services (consolidated text of 15 October 2013, Journal of Laws of 2013, item 1422). The Administrator’s refusal to delete website users’ personal data may also occur in other cases provided for by law.
   10. In cases provided for by law, the Administrator may disclose some personal data of website users to third parties for purposes related to the protection of third-party rights.
   11. The Administrator reserves the right to send all website users electronic mail with notifications about important changes on the website and changes to this Privacy Policy. The Administrator may send commercial electronic mail, especially advertisements and other content of a commercial information nature, if the website user has consented to it. Advertisements and other content of a commercial information nature may also be attached to incoming and outgoing emails from the system account.
3. Rights of website users regarding their personal data. In accordance with Articles 15 – 22 of the GDPR, every website user has the following rights:
   1. Right of access to data (Art. 15 GDPR) The data subject has the right to obtain from the Administrator confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data. In accordance with Art. 15, the Administrator shall provide the data subject with a copy of the personal data undergoing processing.
   2. Right to rectification (Art. 16 GDPR) The data subject has the right to obtain from the Administrator without undue delay the rectification of inaccurate personal data concerning him or her.
   3. Right to erasure (“right to be forgotten”) (Art. 17 GDPR) The data subject has the right to obtain from the Administrator the erasure of personal data concerning him or her without undue delay, and the Administrator shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
      1. personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
      2. the data subject withdraws consent on which the processing is based;
      3. the data subject objects pursuant to Article 21(1) to the processing and there are no overriding legitimate grounds for the processing;
   4. Right to restriction of processing (Art. 18 GDPR) The data subject has the right to obtain from the Administrator restriction of processing where one of the following applies:
      1. When the data is inaccurate – for a period enabling the Administrator to verify the accuracy of the personal data.
      2. The data subject has objected pursuant to Article 21(1) to processing – pending the verification whether the legitimate grounds of the Administrator override those of the data subject.
      3. The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
   5. 5. Right to data portability (Art. 20 GDPR) The data subject has the right to receive the personal data concerning him or her, which he or she has provided to an Administrator, in a structured, commonly used and machine-readable format and has the right to transmit those data to another administrator without hindrance from the Administrator to which the personal data have been provided. The data subject shall have the right to have the personal data transmitted directly from one Administrator to another, where technically feasible. The right referred to in this point shall not adversely affect the rights and freedoms of others.
   6. 6. Right to object (Art. 21 GDPR) Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

   The exercise of the above rights of website users may be subject to a fee in cases where relevant legal provisions so provide. In the event of a violation of the above rights or if a website user finds that their personal data is being processed by the Administrator in violation of applicable law, the website user has the right to lodge a complaint with the supervisory authority.

4. Server Logs
   1. In accordance with the accepted practice of most websites, the website operator stores HTTP requests directed to the website operator’s server (information about certain behaviors of website users is logged at the server level). Browsed resources are identified by URL addresses. The exact list of information stored in web server log files is as follows:
      1. the public IP address of the computer from which the request came,
      2. the name of the client station – identification performed by the HTTP protocol if possible,
      3. the website user’s name provided during the authorization (login) process,
      4. the time the request arrived,
      5. the HTTP response code,
      6. the number of bytes sent by the server,
      7. the URL address of the page previously visited by the website user (referer link) – in case the entry to the website occurred via a link,
      8. information about the website user’s web browser,
      9. information about errors that occurred during the execution of the HTTP transaction.

      The above data is not associated with specific individuals browsing the pages available on the website. To ensure the highest quality of service, the website operator occasionally analyzes log files to determine which pages on the website are visited most frequently, which web browsers are used, whether the page structure contains errors, etc.

   2. Logs collected by the operator are stored indefinitely as auxiliary material, used for proper website administration. The information contained therein will not be disclosed to any entities other than the operator or entities related to the operator personally, financially, or contractually. Based on the information contained in these files, statistics can be generated to assist in website administration. Summaries containing such statistics do not contain features identifying visitors to the website.