PRIVACY POLICY

Using the website https://kartek.pl/ means acceptance of the following Privacy Policy and Cookie Policy terms.

As a User, please familiarize yourself with its provisions. It explains how we take care of Users’ Data, how we process it, to whom we entrust it, and many other important matters related to personal data.

§1 GENERAL PROVISIONS

1. This Privacy Policy and Cookie Policy define the rules for the processing and protection of personal data provided by Users, as well as Cookies and other technologies used on the website operating under the name and link https://kartek.pl/.
2. The administrator of the Website and the personal data provided through it is KARTEK SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, with its registered office at 34-220 Maków Podhalański, Białka 601, entered into the Register of Entrepreneurs of the National Court Register under KRS number: 0000975441, NIP: 5520002723, REGON: 07048247300000, in accordance with the information corresponding to the current extract from the Register of Entrepreneurs contained in the Central Information of the National Court Register, represented by Arkadiusz Mołek – President of the Management Board.
3. The Administrator processes personal data in accordance with the currently applicable provisions of law, in particular in compliance with the GDPR and the Personal Data Protection Act.
4. The Administrator makes every effort to ensure respect for Users’ privacy and the protection of their interests, in particular by ensuring that personal data collected by the Administrator via the Website are processed solely for specified purposes and are not subject to further processing incompatible with those purposes.
5. Users’ personal data are collected and processed only on the basis of appropriate legal grounds, and the scope of the data depends on the type of service provided and is limited to what is necessary.
6. In the event of any doubts regarding the provisions of this Privacy Policy and Cookie Policy, please contact the Administrator via email at: kartek@kartek.pl.
7. The Administrator reserves the right to make changes to the Privacy Policy and Cookie Policy, and each User of the Website is obliged to be familiar with the current version of the Privacy Policy and Cookie Policy. The reasons for changes may include: the development of internet technologies, changes in generally applicable law, or the development of the Website, for example through the use of new tools by the Administrator. The publication date of the current Privacy Policy and Cookie Policy is indicated at the bottom of the Website.
8. This Policy also defines the terms of use of services provided by the Administrator, including the intermediary service, governing the relationship between the Administrator as the provider of the intermediary service and the recipient of the services referred to in §11 of this Policy.
9. Other definitions, procedures, obligations, and rights arising from the Digital Services Act (DSA) are described in §11 of this Policy and constitute an integral part thereof.
10. Terms used in this Privacy Policy and Cookie Policy and written with capital letters have the meaning assigned to them in §2 of the Privacy Policy.

§2 DEFINITIONS

1. Administrator – KARTEK SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, with its registered office at 34-220 Maków Podhalański, Białka 601, entered into the Register of Entrepreneurs of the National Court Register under KRS number: 0000975441, NIP: 5520002723, REGON: 07048247300000, in accordance with the information corresponding to the current extract from the Register of Entrepreneurs contained in the Central Information of the National Court Register, represented by Arkadiusz Mołek – President of the Management Board.
2. User – any entity present on the Website and using it.
3. Website – the website available at https://kartek.pl/.
4. Personal Data – any information relating to an identified or identifiable natural person, i.e. name and surname, identification number, location data, online identifier, or one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural, or social identity of a natural person.
5. Consent – a freely given, specific, informed, and unambiguous indication of the User’s wishes, by which the User, in the form of a statement or a clear affirmative action, consents to the processing of their Personal Data.
6. Form or Forms – places on the Website that allow the User to enter Personal Data for the purposes indicated therein, e.g. for sending a Newsletter, placing an order, or contacting the User.
7. Service – a set of cooperating IT devices and software ensuring the processing, storage, sending, and receiving of data via telecommunications networks using an appropriate end device for a given type of network (Internet), including the Website or its part, the Shop or its part, applications including mobile applications, and other services of the Administrator, social media, and the Administrator’s channels operating within those media.
8. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
9. DSA – Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market for Digital Services and amending Directive 2000/31/EC (Digital Services Act).
10. Personal Data Protection Act – the Act of 10 May 2018 on the protection of personal data (Journal of Laws 2019, item 1781, as amended).
11. Act on the Provision of Electronic Services – the Act of 18 July 2002 on the provision of electronic services (Journal of Laws 2020, item 344, as amended).
12. Telecommunications Law Act – the Act of 16 July 2004 – Telecommunications Law (Journal of Laws 2024, item 34, as amended).

§3 PERSONAL DATA AND PRINCIPLES OF THEIR PROCESSING

WHO IS THE CONTROLLER OF THE USER’S PERSONAL DATA?

The controller of the User’s personal data is KARTEK SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, with its registered office at 34-220 Maków Podhalański, Białka 601, entered into the Register of Entrepreneurs of the National Court Register under KRS number: 0000975441, NIP: 5520002723, REGON: 07048247300000, in accordance with the information corresponding to the current extract from the Register of Entrepreneurs contained in the Central Information of the National Court Register, represented by Arkadiusz Mołek – President of the Management Board.

IS PROVIDING DATA VOLUNTARY? WHAT ARE THE CONSEQUENCES OF NOT PROVIDING IT?

Providing data is voluntary; however, failure to provide certain information, generally marked on the Administrator’s pages as mandatory, will result in the inability to perform a given service, achieve a specific purpose, or take certain actions.

Providing by the User of data that are not mandatory or providing excess data that the Administrator does not need to process is based on the User’s own decision, and in such cases the processing is carried out on the basis of the premise set out in Article 6(1)(a) of the GDPR (consent). The User gives consent to the processing of such data and to the anonymization of data that the Administrator does not require and does not intend to process, but which the User nevertheless provided to the Administrator.

FOR WHAT PURPOSES AND ON WHAT LEGAL GROUNDS DOES THE ADMINISTRATOR PROCESS THE USER’S PERSONAL DATA PROVIDED WHEN USING THE WEBSITE?

The User’s personal data on the Administrator’s Website may be processed for the following purposes and on the following legal grounds:

Providing by the User of data that are not mandatory or of excess data that the Administrator does not need to process is based on the User’s own decision. In such cases, processing is carried out on the basis of Article 6(1)(a) of the GDPR (consent). The User gives consent to the processing of this data and to the anonymization of data that the Administrator does not require and does not intend to process, but which the User nevertheless provided to the Administrator.

HOW ARE DATA COLLECTED?

Only the Data that the User provides themselves is collected and processed (except – in certain situations – Data collected automatically via cookies and login information, as described below).

During a visit to the website, Data regarding the visit itself is automatically collected, such as the User’s IP address, domain name, browser type, operating system type, etc. (login data). Automatically collected Data may be used to analyze User behavior on the website, gather demographic information about Users, or personalize website content to improve it. However, this Data is processed solely for the purposes of website administration, ensuring efficient hosting services, or directing marketing content and is not linked to individual Users’ Data. More information about cookies can be found later in this Policy.

Data may also be collected for the purpose of completing forms available on the Website, as described later in the Privacy Policy.

Information society services

The Administrator does not collect Data from children. A User must be at least 16 years old to independently give Consent for the processing of Personal Data for the provision of information society services, including for marketing purposes, or must obtain Consent from a legal guardian (e.g., a parent) for this purpose.

If a User is under 16 years old, they should not use the Website or the service at https://kartek.pl/.

The Administrator is entitled to make reasonable efforts to verify whether the User meets the age requirement mentioned above, or whether the person with parental authority or guardianship over a User under 16 has given or approved the Consent.

WHAT ARE THE USER’S RIGHTS?

The User has, at any time, the rights set out in Articles 15–21 of the GDPR, namely:

• the right to access the content of their Data,
• the right to data portability,
• the right to correct Data,
• the right to rectify Data,
• the right to delete Data if there is no legal basis for its processing,
• the right to restrict processing if it has been carried out unlawfully or without a legal basis,
• the right to object to the processing of Data based on the Administrator’s legitimate interest,
• the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office (under the rules set out in the Personal Data Protection Act) if they believe that the processing of their Data violates applicable legal provisions,
• the right to be forgotten if further processing is not permitted under applicable law.

The Administrator emphasizes that these rights are not absolute and do not apply to all processing activities of the User’s Personal Data. This applies, for example, to the right to obtain a copy of the data. This right cannot adversely affect the rights and freedoms of others, such as copyright or professional secrecy. To learn about the limitations of the User’s rights, please refer to the GDPR.

The User always has the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw, tel. 22 531-03-00, e-mail: kancelaria@uodo.gov.pl, if they believe that the processing of personal data violates the GDPR or other applicable regulations concerning the processing of Personal Data.

To exercise their rights, the User may contact the Administrator via e-mail at kartek@kartek.pl or by mail to the address of the Administrator’s place of business, if provided in this Privacy Policy, specifying the scope of their request. A response will be provided no later than 30 days from the date the request and its justification are received, unless an extension of this period is justified in accordance with the GDPR.

CAN THE USER WITHDRAW GIVEN CONSENT?

If the User has given Consent for a specific action, such Consent may be withdrawn at any time, which will result in the removal of their e-mail address from the Administrator’s mailing list and the cessation of the specified actions (in the case of subscription based on Consent). The User may withdraw their Consent by sending a statement to the Administrator’s e-mail address or to the address of the Administrator’s place of business, if provided in this Privacy Policy. Withdrawal of Consent does not affect the processing of data carried out based on the Consent before its withdrawal.

In some cases, Data may not be completely deleted and will be retained to defend against potential claims for a period in accordance with the Civil Code or, for example, to fulfill legal obligations imposed on the Administrator.

In each case, the Administrator will respond to the User’s request, providing appropriate justification for any further actions required by legal obligations.

DOES THE ADMINISTRATOR TRANSFER USER DATA TO THIRD COUNTRIES?

User Data may be transferred outside the European Union – to third countries.

Because the Administrator uses external service providers, such as Google, User Data may be transferred to the United States of America (USA) in connection with their storage on American servers (in whole or in part). Google, based on the European Commission’s implementing decision of July 10, 2023, issued under Regulation (EU) 2016/679 of the European Parliament and Council, confirming an adequate level of personal data protection under the EU–US data protection framework, has undergone a certification system and obtained a certificate ensuring Personal Data protection at the European Union level. Users’ Personal Data will be transferred only to recipients who guarantee the highest level of Data protection and security, including through:

1. cooperation with entities processing Personal Data in countries for which a relevant European Commission decision has been issued,
2. the use of standard contractual clauses issued by the European Commission,
3. the implementation of binding corporate rules approved by the competent supervisory authority,

or those to whom the User has given Consent to transfer their Personal Data.

Detailed information is available in the privacy policy of each of these service providers, accessible on their websites. For example:

Google Ireland Limited

Currently, services offered by Google Ireland Limited are primarily provided by entities located within the European Union. However, it is always necessary to review the privacy policy of these providers to obtain up-to-date information regarding the protection of Personal Data.

HOW LONG DOES THE ADMINISTRATOR RETAIN USER DATA?

User Data will be retained by the Administrator for the duration of the provision of specific services/achievement of the purposes indicated in the table above, and also:

1. for the duration of the service and cooperation, as well as for the limitation period of claims in accordance with the law – regarding Data provided by contractors, clients, or Users,
2. for the duration of discussions and negotiations prior to concluding a contract or providing a service – regarding Data submitted in an inquiry,
3. for the period required by law, including tax law – regarding Personal Data related to fulfilling obligations under applicable regulations,
4. until an objection is effectively lodged under Article 21 of the GDPR – regarding Personal Data processed based on the Administrator’s legitimate interest, including for direct marketing purposes,
5. until Consent is withdrawn or the processing/business purpose is achieved – regarding Personal Data processed based on Consent. After withdrawal of Consent, Data may still be processed to defend against potential claims according to the limitation period of such claims or a shorter period specified to the User,
6. until the Data becomes outdated or no longer useful – regarding Personal Data processed mainly for analytical, statistical, cookie use, and Administrator website management purposes.

The retention periods of Data indicated in years are calculated at the end of each year in which the Data processing began. This is intended to streamline the process of Data processing and management.

Detailed retention periods for Personal Data, regarding specific processing activities, are available in the Administrator’s register of processing activities.

LINKS TO OTHER WEBSITES

The Website may contain links to other websites. These links may open in a new browser window or in the same window. The Administrator is not responsible for the content provided by these websites. The User is obliged to review the privacy policy or terms of use of those sites.

DATA SECURITY

The User’s Personal Data is stored and protected with due diligence, in accordance with the internal procedures implemented by the Administrator. The Administrator processes information about the User using appropriate technical and organizational measures that comply with applicable laws, in particular the Personal Data Protection Act and the GDPR. These measures are primarily intended to safeguard Users’ Personal Data against access by unauthorized persons.

In particular, access to Users’ Personal Data is granted only to authorized persons who are obliged to keep this Data confidential, or to entities entrusted with the processing of Personal Data under a separate Data processing agreement.

The User should also exercise care in protecting their Personal Data transmitted over the Internet, in particular by not disclosing login credentials to third parties, using antivirus protection, and keeping software up to date.

WHO MAY BE THE RECIPIENTS OF PERSONAL DATA?

The Administrator informs that it uses the services of external entities. Entities entrusted with the processing of Personal Data (such as courier companies or accounting service providers) guarantee the use of appropriate measures for the protection and security of Personal Data as required by law, in particular by the GDPR.

The Administrator informs the User that it entrusts the processing of Personal Data, among others, to the following entities:

1. PRINTSOFT Maciej Chorzępa, ul. Rynek 12a, 34-700 Rabka-Zdrój, NIP: 7352566879, REGON: 122644326 – for the purpose of storing Personal Data on the server, managing the domain, and email server,
2. other contractors or subcontractors engaged in technical or administrative support, or providing legal, accounting, HR, IT, graphic, or copywriting assistance to the Administrator and its clients, including debt collection agencies, lawyers, etc.

Personal Data may also be shared with other recipients, such as authorities (e.g., the tax office) – for the purpose of fulfilling legal and tax obligations related to accounting and settlements.

Entities that process Personal Data, like the Administrator, ensure compliance with European standards for the protection of Personal Data, including standards set by legal acts and European Commission decisions, and apply compliance mechanisms when transferring Data outside the EEA, including standard contractual clauses adopted by the European Commission under Decision 2021/915 of June 4, 2021, on standard contractual clauses between controllers and processors pursuant to Article 28(7) of Regulation (EU) 2016/679 and Article 29(7) of Regulation (EU) 2018/1725. Here you can find the European Commission’s implementing decision.

HAS THE ADMINISTRATOR APPOINTED A DATA PROTECTION OFFICER?

The Personal Data Administrator hereby informs that no Data Protection Officer (DPO) has been appointed and that it independently carries out the duties related to the processing of Personal Data.

The User acknowledges that their Personal Data may be disclosed to authorized state authorities in connection with proceedings conducted by them, upon their request and after meeting the conditions confirming the necessity of obtaining such Data from the Administrator.

DOES THE ADMINISTRATOR PROFILE USER DATA?

The User’s Personal Data will not be used for automated decision-making that affects the User’s rights, obligations, or freedoms within the meaning of the GDPR.

Within the Website and tracking technologies, User Data may be profiled to help better personalize the company’s offer directed to the User (mainly through so-called behavioral advertising). However, this should not affect the User’s legal situation, in particular the terms of contracts they have concluded or intend to conclude. It may only help better tailor content and targeted ads to the User’s interests. The information used is anonymous and is not linked to Personal Data provided by the User, for example, during a purchase. It is based on statistical data such as gender, age, interests, approximate location, and behavior on the Website.

Every User has the right to object to profiling if it would have a negative impact on the User’s rights and obligations.

More information about behavioral advertising can be found here.

§4 FORMS

The Administrator uses the following types of Forms on the Website:

1. Contact/Quotation Form – allows sending a message to the Administrator and contacting them electronically. Personal Data, including company name, first name, last name, e-mail address, phone number, and any data provided in the message content, is processed by the Administrator in accordance with this Privacy Policy for the purpose of contacting the User.

After contact with the User ends, the Data may be archived, which constitutes a legally justified interest of the Administrator. The Administrator cannot specify the exact period of archiving or deletion of the messages. However, the maximum period will not exceed the limitation periods for claims under applicable law.

The Administrator may entrust the processing of Personal Data to third parties without separate User Consent (based on a processing agreement). Data obtained from forms may not be shared with third parties.

§5 REVIEWS – FUNCTIONING WITHIN THE WEBSITE

The Website displays reviews from clients and/or individuals who have used the services of KARTEK.

Reviews may appear in various locations and subpages of the Website. They may also link to external tools or services displaying client reviews, e.g., a Google business profile. Reviews may be presented in different formats, such as video, PDF, written reviews with partially visible personal data, or without any personal data.

Anyone using the services can leave a review and, by doing so, gives consent for its publication on the Website and for purposes specified by KARTEK.

The Data Administrator makes every effort to ensure that reviews displayed on the Website and subpages are reliable and come from actual clients who have used the company’s services. Reasonable and proportionate steps are taken to verify that reviews originate from clients. These steps include attempts to obtain consent for marketing use beyond the Website, permission to publish selected or all reviews, or checking whether a review comes from a client who actually used the services.

KARTEK ensures the credibility of reviews posted on its Website. When a new review appears, the company takes steps to verify it by contacting the author via private message or phone. This direct contact confirms whether the review was genuinely submitted by a client. This process ensures the authenticity of all published reviews.

If a review raises doubts, it is not displayed on the Website. A person whose review was not published or was removed by the Administrator can contact KARTEK to clarify the situation and determine the reasons.

KARTEK is not obliged to publish reviews on the Website and is entitled to remove them if it deems this justified. The company may also choose to publish selected reviews.

KARTEK does not use purchased, sponsored, or barter-obtained reviews, does not post or commission false reviews or recommendations, and does not distort reviews or recommendations to promote services on the Website.

§6 DISCLAIMER AND COPYRIGHTS

1. The content presented on the Website does not constitute specialized advice or guidance (e.g., educational) and does not relate to any specific factual situation. If the User wishes to obtain assistance in a particular matter, they should contact a person authorized to provide such advice or the Administrator using the provided contact information. The Administrator is not responsible for the use of content on the Website or for actions or omissions taken based on it.
2. All content placed on the Website is subject to copyright by specified individuals and/or the Administrator (e.g., photos, texts, other materials, etc.). The Administrator does not grant permission to copy such content, in whole or in part, without explicit prior consent.
3. The Administrator hereby informs the User that any dissemination of content provided by the Administrator constitutes a violation of the law and may entail civil or criminal liability. The Administrator may also seek appropriate compensation for material or non-material damages in accordance with applicable law.
4. The Administrator is not responsible for the use of materials available on the Website in an unlawful manner.
5. Content on the Website is current as of the date of publication, unless stated otherwise.

§7 TECHNOLOGIES

To use the Administrator’s website, it is necessary to have:

1. access to the Internet from a device such as a desktop computer, laptop, or other portable device, including equipment that allows communication and completion of necessary forms within the service, e.g., a functioning keyboard,
2. a properly configured, up-to-date web browser that supports cookies, e.g., Microsoft Edge, Opera, Mozilla Firefox, Safari, Google Chrome, and enables browsing of websites,
3. an active and properly configured e-mail account (the Administrator recommends that the User checks whether emails from the Website domain are not directed to “spam,” “offers,” or other folders instead of “inbox/main.” The Administrator has no control over this, as it depends on the User’s e-mail settings and/or e-mail service provider),
4. software that allows reading content in the provided formats, e.g., PDF, video, MP3, MP4.

§8 COOKIE POLICY

1. Like most websites, the Administrator’s Website uses tracking technologies, i.e., cookies, which allow the Website to be improved according to the needs of visiting Users.
2. The Website does not automatically collect any information, except for information contained in cookies.
3. Cookies are small text files stored on the end device, e.g., computer, tablet, or smartphone, when the User uses the Website.
4. These can be first-party cookies (originating directly from the Website) or third-party cookies (originating from other websites than the Website).
5. Cookies allow the Website content to be tailored to the individual needs of the User and other visitors. They also enable the creation of statistics showing how Users interact with and navigate the Website. This allows the Administrator to improve the Website, its content, structure, and appearance.
6. The Administrator uses the following third-party cookies on the Website:
   

a) Built-in Google Analytics code – for analyzing Website statistics. Google Analytics uses its own cookies to track Users’ actions and behavior on the Website. These cookies store information, such as the page from which the User arrived at the current website, and help improve the Website.

This tool is used under an agreement with Google Ireland Limited and is provided by Google LLC. Activities carried out through the use of the Google Analytics code are based on the Administrator’s legitimate interest in creating and using statistics, which in turn allows for improving the Administrator’s services and optimizing the Website.

When using the Google Analytics tool, the Administrator does not process any User Data that would allow identification of the User.

The Administrator recommends reviewing the details regarding the use of Google Analytics, the option to disable the tracking code, and, if necessary, contacting the tool’s provider here or reviewing the privacy policy at this link.

b) Google Search Console – to monitor and improve the performance of our website, we use Google Search Console, a tool provided by Google Inc. (“Google”), which provides us with data and analysis regarding our site’s presence in Google search results, enabling us to optimize and enhance the accessibility and visibility of our website online.

Google Search Console helps us understand how Users find our website through Google and which queries direct them to our site. The tool also provides information about potential errors on the website, indexing issues, and recommendations for website optimization.

When using Google Search Console, the Administrator does not process any User Data that would allow identification of the User.

We encourage you to review Google’s privacy policies to learn more about how Google tools process data.

The Administrator again recommends reviewing the privacy policy of each of the above service providers to learn about options for making changes and settings that ensure the protection of the User’s rights.

The Website uses two types of cookies: session cookies, which are deleted after closing the browser, logging out, or leaving the website, and persistent cookies, which are stored on the User’s device, allowing the browser to be recognized on subsequent visits to the Website, for the period specified in the cookie parameters or until deleted by the User.

In many cases, web browsing software (web browser) allows cookies to be stored on the User’s device by default. Users of the Website can change cookie settings at any time. These settings can be adjusted, in particular, to block automatic handling of cookies in the browser settings or to notify the User each time cookies are placed on the device. Detailed information on managing cookies is available in the browser’s settings.

The Administrator informs that restricting the use of cookies (disabling or limiting them) may affect certain functionalities of the Website and hinder its operation.

More information about cookies is available at http://wszystkoociasteczkach.pl/ or in the “Help” section of the web browser menu.

Through browser settings, the User can delete cookies from the Website or online store, or from the Administrator’s providers, by changing their browser settings at any time. The method of deleting cookies will vary depending on the User’s browser. Information on how to delete cookies is available in the “Help” section of the selected web browser.

Deleting cookies does not automatically delete Personal Data obtained by the Administrator through cookies.

§9 CONSENT TO COOKIES

Upon first visiting the Website, the User must give Consent to cookies or take other possible actions indicated in the notice to continue using the Website’s content. Using the Website constitutes giving Consent. If the User does not wish to give such Consent, they should leave the Website. The User can also change their browser settings at any time to disable or delete cookies. Necessary information is available in the “Help” section of the User’s browser.

§10 SERVER LOGS

1. Using the Website involves sending requests to the server where the Website is hosted.
2. Each request sent to the server is recorded in server logs. The logs include, among other things, the User’s IP address, server date and time, information about the web browser, and the operating system used by the User.
3. Logs are recorded and stored on the server.
4. Server logs are used for Website administration, and their content is not disclosed to anyone except persons and entities authorized to manage the server.
5. The Administrator does not use server logs in any way to identify the User.

§11 DEFINITIONS, PROCEDURES, DUTIES, AND RIGHTS RELATED TO THE DSA

1. This paragraph of the Privacy Policy provides information on all restrictions imposed by the Administrator in connection with the use of its services, regarding information submitted by service Recipients, including, among others: information on policies, procedures, measures, and tools used for content moderation, including algorithmic decision-making and human review, as well as internal complaint-handling rules, any significant changes to service terms, and mechanisms for reporting Illegal Content. The Administrator provides this information and the terms of service in a clear and understandable manner. The Administrator designs, organizes, and operates its Websites (and interfaces) in a way that does not mislead or manipulate Users, or otherwise significantly interfere with or limit Users’ ability to make free and informed decisions.
2. The Administrator is a provider of intermediary Services under the DSA, offering:
3. a) hosting.
4. The intermediary services provided by the Administrator consist of enabling service Recipients to submit Content within the Service, such as:
5. a) reviews and ratings.
6. Definitions used in this paragraph and in the Terms of Service mean:
7. Administrator – as defined in §2(1) of the Privacy Policy, and also an entrepreneur, i.e., a natural or legal person, whether public or private, acting—including through a person acting on their behalf or for their account—for purposes related to their commercial, business, craft, or professional activity, providing the services referred to in this paragraph, including information society services within the Service.
8. Service Recipient – a Client, User, or person using intermediary or other information society services provided by the Administrator, including, for example, the Service or the Administrator’s social media, particularly for the purpose of seeking or sharing information.
9. Content – any information submitted by the User in any form within the Service, social media, or other platforms and spaces owned or moderated by the Administrator, particularly within the Service or made available through the functionality of these spaces.
10. Illegal Content – information that is unlawful under EU law or the law of any Member State consistent with EU law, regardless of the specific subject or nature of that law.
11. Content Moderation – actions, whether automated or carried out by the Administrator or cooperating intermediary service providers, aimed at detecting, identifying, and combating illegal content or information that violates the terms of service submitted by service Recipients. This includes measures affecting the availability, visibility, and reach of such content or information, such as demotion, demonetization, blocking access, or removal, or actions affecting the ability of service Recipients to submit such information, such as account closure or suspension.
12. Intermediary Service – one of the following information society services provided by the Administrator:
    i. “mere conduit” service, consisting of transmitting information provided by a service Recipient over a telecommunications network or providing access to a telecommunications network;
    ii. “caching” service, consisting of transmitting information provided by a service Recipient over a telecommunications network, including automatic, intermediate, and temporary storage of that information solely to facilitate subsequent transmission on request by other Recipients;
    iii. “hosting” service, consisting of storing information provided by a service Recipient and making it available at their request.
13. Online Platform – a hosting service that, at the request of a service Recipient, stores and publicly disseminates information unless such action is insignificant or purely incidental to another service or function, and cannot be used independently of that other service for objective and technical reasons. Incorporating such a feature or function into another service is not a means of circumventing DSA requirements.
14. Public Dissemination – making information available at the request of a service Recipient who submitted the information to a potentially unlimited number of third parties.

Contact Point

The Administrator designates the following single contact point for direct electronic communication with the authorities of Member States, the Commission, and the Digital Services Council via e-mail: kartek@kartek.pl. Communication may be conducted in Polish.

The Administrator designates the following single contact point for direct electronic communication with service Recipients via e-mail: kartek@kartek.pl. Communication may be conducted in Polish.

Illegal Content and Content Violating the Administrator’s Terms of Service

The User may not submit the following Content within the Service, Online Platform, or the Administrator’s Social Media:

• Content that is Illegal or violates the Privacy Policy,
• Content containing profanity, hate speech targeting third parties, or spam,
• Content contrary to good manners, in particular offensive content, content that violates religious feelings, personal rights of third parties, or shows disrespect according to generally accepted social norms and rules of social coexistence; content that is racist, vulgar, promotes violence, contains pornography, fascist or discriminatory material, sexually suggestive content, or is inappropriate for minor Users,
• Content that infringes the rights of third parties, such as copyright or intellectual property rights, or aims to disclose trade secrets or other confidential information,
• Content containing links to other websites, entities other than the Service, competing websites, or online stores not previously approved by the Administrator, especially advertising, marketing, fundraising, or other commercial links,
• Content promoting or advertising other websites, platforms, social media, etc.,
• Content unrelated to a specific service of the Administrator or any action of the Administrator or the Service, or content unrelated to the topic of the Service or the Administrator’s Social Media,
• Content containing personal or contact data,
• Duplicate content that has already appeared on the Service or the Administrator’s Social Media (the User must verify before publishing that the Content is not a copy of existing Content),
• Technical content, queries related to customer service regarding the Administrator’s products or services (for this purpose, the User should contact the addresses provided in the Privacy Policy).

Procedure for Reporting Illegal Content, Appeal Procedure, and Content Moderation

A User who considers a given Content to be Illegal Content or Content violating this Privacy Policy is entitled to report it to the Administrator electronically at the e-mail address provided in the Privacy Policy, specifying the location where the Administrator can review the Content and providing all necessary details for handling the report, including the contact information of the User and any involved third parties (if possible). The User may use the Illegal Content reporting form attached to this Privacy Policy.

If the reporting User does not provide contact information, the Administrator will not be able to notify the User of receipt of the report or the result of its review.

The Administrator will promptly inform the User of the receipt of the Content report.

The Administrator will make a decision regarding the report within no more than 14 days from the date of receipt, in a non-arbitrary, objective manner, and with due diligence. For the purposes of reviewing and making decisions, the Administrator does not use automated means.

The Administrator will notify the User without undue delay about the outcome of the decision regarding the report, including its content and justification.

In the event of Illegal Content or Content violating the Terms, the Administrator may remove it, limit its visibility, block access, demote it, or leave it on the Service. The Administrator may also suspend, terminate, or otherwise limit monetary payments occurring on the Service, suspend or terminate the service in whole or in part, or suspend or close the account of the User or a third party. The Administrator will inform the User and involved third parties of the decision, providing a clear and specific justification (if their contact details are available).

The User may appeal the Administrator’s decision within 14 days of receiving it, providing a justification for the appeal.

The Administrator will review the User’s appeal within 14 days of receipt and communicate the decision along with its justification.

Administrator’s Liability for User Content

The Administrator is not liable for User Content, particularly Illegal Content left within the Service or Online Platform, if the User’s actions violate the Privacy Policy or applicable law. The Administrator makes every effort to handle such Content in accordance with applicable law and the Privacy Policy, including not modifying Content in a way that affects the integrity of submitted or shared information, not facilitating the posting of Illegal Content, promptly taking actions to remove or block access to it in accordance with the Privacy Policy while respecting Users’ fundamental rights, including freedom of expression and information, and acting in good faith with due diligence.

Automated Decision-Making

The Service does not involve automated decision-making, including decisions related to User appeals.

Cooperation with Public Authorities Regarding Notifications of Illegal Content

If the Administrator becomes aware of any information giving reason to suspect that a crime threatening the life or safety of a person or persons has been, is being, or may be committed, they will immediately notify the law enforcement or judicial authorities of the relevant Member State(s) and provide all available information on the matter.

Forwarding Information to the Digital Services Coordinator

The Administrator provides the Digital Services Coordinator responsible for the place of establishment and the Commission – upon their request and without undue delay – with information on the average number of monthly active service Recipients in the EU, calculated as the average over the previous six months and updated at the time of the request. The Digital Services Coordinator or the Commission may request that the Administrator provide additional information regarding the calculation, including explanations and justification of the data used. This information must not contain any Personal Data.

Termination of Use of the Administrator’s Services

The User is entitled to terminate the use of the Administrator’s services at any time. To do so, they may use available methods for ending service use, such as clicking specific buttons to delete an account (if one has been created), unsubscribing from a service, or removing Content they have submitted. The User may also contact the Administrator using the contact details provided in this Privacy Policy. This provision does not affect the Administrator’s duties and rights under other applicable laws, including the continued retention of data, particularly Personal Data, for purposes specified in the Privacy Policy, under the GDPR or other statutes.

Changes to the Terms of Use of the Administrator’s Services

The Administrator will promptly inform the User, using appropriate means, of any significant changes to the terms of use of the Administrator’s services, including changes to rules regarding information permitted about its services or other such changes that may directly affect the Recipients’ ability to use the service.

Privacy Policy Publication Date: 24.10.2023

Last Updated: 17.07.2024

ATTACHMENT No. 1 – TEMPLATE FOR REPORTING ILLEGAL CONTENT OR CONTENT VIOLATING THE TERMS OF SERVICE

Date: …………………………….

Name / Company: …………………………….

Address: ……………………………….

E-mail (if available): …………………………….

Phone number (if available): …………………………….

Order number (if applicable): …………………………….

[except for reports regarding information considered related to one of the offenses referred to in Articles 3–7 of Directive 2011/93/EU]

Link to the Content: …………………………….

[Administrator details: name, address, e-mail]

REPORT OF ILLEGAL CONTENT OR CONTENT VIOLATING THE TERMS OF SERVICE

I hereby report that the following Content has been posted on the Service at the link: ___________________________:

• illegal content
• content violating the Privacy Policy
• content violating the Administrator’s Terms of Service [mark the appropriate option]

Description of the Content and Evidence of Its Existence

The Content posted on the Service violates the following provisions of the Privacy Policy / legal regulations: _________________________ [list provisions] and _________________________________ [list other arguments supporting that the Content is illegal or violates the Privacy Policy].

Additionally, as evidence of my claims, I attach:

• screenshots of the above Content
• Other: ___________________________________ [list and attach]

Information About the Alleged Violator

To the best of my knowledge, the above Content was published/posted by the following person:

Name: _____________________ [if available]

Link to online profile: _____________________ [if available]

E-mail address: _____________________ [if available]

Requests

In view of the above, I request:

• removal of the above Content from the Service
• restriction of visibility of the following information related to the above Content: _________________________ [list] by:
  • blocking the violator’s access to the Content
  • demoting the Content
  • suspending the violator’s account
  • closing the violator’s account
  • suspending service in whole / in part [choose] by the Administrator for the violator
  • terminating service in whole / in part [choose] by the Administrator for the violator
  • suspension, termination, or other limitation of monetary payments in the following manner: _________________________________ [list]
  • other: ________________________________ [list]

Declaration

I declare that I am submitting this report in good faith and believe that the information and allegations contained herein are accurate and complete.

Date: _____________________               Signature [if possible]: ____